docs icon indicating copy to clipboard operation
docs copied to clipboard

Published 20 hours ago verified publisher icon sismics

Improve inbox scanning security

Open lowski opened this issue 5 years ago • 1 comments

Inbox scanning is fairly straight forward at the moment. I have a few suggestions on how to improve it:

  • Whitelist sender e-mail addresses (can potentially be spoofed) (contributors could be set based on the sender and receiver addresses)
  • Include a "secure token" in the email - somewhere in the email a string has to be included for the email to be imported
  • Document somewhere in Teedy who the sender was
  • Only accept accept PGP signed emails from whitelisted email addresses
  • PGP encrypted attachments

These proposals have an increasing amount of complexity both for the user and in terms of development time and all of them would increase security, but just the first two or three would have a great impact on the amount of trust you can put into the inbox scanning.

lowski avatar May 14 '20 12:05 lowski

I agree the first 3 make sense. If you feel like you can develop this like the other PR I would gladly merge it! 👍 However it needs to stay optional to keep complexity to a minimum for people who don't need it.

jendib avatar May 16 '20 16:05 jendib