Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Default setting for ACCOUNT_EMAIL_UNKNOWN_ACCOUNTS (True) results in spam emails #3794

Closed
longhotsummer opened this issue May 10, 2024 · 2 comments
Closed

Default setting for ACCOUNT_EMAIL_UNKNOWN_ACCOUNTS (True) results in spam emails #3794

longhotsummer opened this issue May 10, 2024 · 2 comments

Comments

@longhotsummer
Copy link

The default setting for ACCOUNT_EMAIL_UNKNOWN_ACCOUNTS is True. This means the default configuration of allauth is effectively happy to send spam reset emails to arbitrary email addresses.

I suggest this default is changed to False.
@pennersr
Copy link
Owner

But, if I signup using your email address, the system will happily spam you as well. So, changing the default does not prevent spamming yet does break backwards compatibility.

@pennersr
Copy link
Owner

Closing -- would not solve an issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pennersr @longhotsummer