one-time validation without second mail

Discussion in 'LiquidFiles General' started by Hudson, Sep 25, 2018.

  1. Hudson

    Hudson New Member

    Joined:
    Dec 28, 2017
    Messages:
    3
    Likes Received:
    0
    If we send a message to an unknown ("Only Specified") User - the process always includes receiving two Emails (ValidationLink + MessageLink). We don't want external Recipients to create an Account.

    Is there a possibility to configure that the recipient only types in (validate) his email address and after that (if correct) immediately forwarded to the message, without a reveiving second mail?

    Thanks,
    hudson
     
    #1 Hudson, Sep 25, 2018
    Last edited: Sep 25, 2018
  2. David

    David Administrator
    Staff Member

    Joined:
    Dec 1, 2015
    Messages:
    781
    Likes Received:
    31
    You will need then to disable the "Require External Recipients to create accounts" option in "Admin > Configuration > Settings".
    Then the external clients will be redirected directly to the message after the successful validation.
     
  3. Johan

    Johan Administrator
    Staff Member

    Joined:
    Dec 1, 2015
    Messages:
    39
    Likes Received:
    1
    At the moment we’re not planning to change how this work.

    The reason for the second validation email is that it authenticates the user. Typing someone’s email address is not authentication. If you think of a message with 5 recipients. Someone could forward that email to anyone with the instruction “when it asks, just type in any email address you see as recipient but mine and it will let you in”. If we added or changed this feature and called it email validation, it would give the impression that the email would be validated when in fact it wouldn’t be. And if we called it an authenticated email it would give the impression that we somehow authenticates the user when we don’t. Obviously we cannot have this type of discrepancies in the product.

    If you don’t want users to authenticate themselves, you have to send messages without authentication. The message link is randomized so no one can see or guess the link unless you give it too them. If you send someone an unauthenticated message and they are the only recipient, you know that they and only they have downloaded the message, at least with the same level of certainty as if you also requested that they typed the email address of a recipient.

    If we added some email capture page before the message, it would only be for unauthenticated messages and the wordings around it when sent as a receipt would be along the lines of “this email address was entered by the user without validation, it cannot be trusted”.
     
  4. Hudson

    Hudson New Member

    Joined:
    Dec 28, 2017
    Messages:
    3
    Likes Received:
    0
    Thanks for the replies!

    I agree that typing someone’s email address is not authentication and what I'm asking for is what Johan thankfully described with "email capture page".

    For me the Second/Validation-Email for each message is "too much" if i don't want to have the recipients as External User. On the other hand a message-link, reachable in the internet, gives an unsafe "feeling" by design without any key(email)-lock(link)-model. I'm looking for the right balance of security and effort and a "email capture page" option would be great for me.

    I thought maybe there is already such a option i can't find - but now it becomes a feature request :)
     
  5. Hudson

    Hudson New Member

    Joined:
    Dec 28, 2017
    Messages:
    3
    Likes Received:
    0
    Hello again.

    Is there a chance that a "email capture page" will be implemented as a additional Feature soon?
    Do i have to open a Feature Request?

    Thanks.
     

Share This Page