On Jan 30, 2021, at 11:54 AM, Tom Hendrikx tom@whyscream.net wrote:
> IMHO you're still trying to re-invent the wheel :)
I don’t deny that. The goal of this project is as much (maybe more) to be a learning experience as it is to produce something useful.
FWIW, there are two reasons I don’t want to use a non-user-visible quarantine. First, there is always the possibility of a false positive, so all email must be made accessible to the user somehow. And second, there are occasions when you are expecting an email that looks spammy and you need to be able to get to it in a timely manner. The most common use case here is password reset links or 2FA authorization codes. It is not possible for a spam filter to distinguish a legitimate email of this type from a phishing attack. Only the user knows if they recently requested a password reset. But *most* password reset emails are phishing attacks (at least most of the ones I get are), so I don’t want to see them by default.
rg