devise icon indicating copy to clipboard operation
devise copied to clipboard
verified publisher icon heartcombo

Tell the recipient software when a password link expires.

Open arnt opened this issue 5 months ago • 3 comments

https://datatracker.ietf.org/doc/draft-ietf-mailmaint-expires/

That draft documents the (rare) existing usage of the Expires field, specifies a tighter syntax, and clarifies that "expires" doesn't mean having to delete anything. "Automatically moving the message from inbox to archive" is sensible.

The IETF mailmaint WG requires two implementations before issuing an RFC. I did this one today, to see how hard it would be.

(Or maybe the true reason is: I searched my mail today for a particular domain and and saw several old password reset messages among the top search results. That's junk, those links are expired, let's tell the mailbox indexer when those messages become poor search results.)

It seems reasonable to extend it to cover confirmation messages too.

arnt avatar Jul 08 '25 10:07 arnt

+1

benbucksch avatar Jul 08 '25 16:07 benbucksch

Huh, I didn't see any checklist when I originally made the PR? But it ① follows the code style (and what a nice style it is, too), ② adds tests and ③ contains no breaking changes.

arnt avatar Aug 21 '25 12:08 arnt

FWIW, Thunderbird just got an implementation of this. It can now archive messages automatically when (in Devise's case) the password link grows stale, or even delete the messages.

arnt avatar Oct 14 '25 16:10 arnt