id	summary	reporter	owner	description	type	status	priority	milestone	component	resolution	keywords	cc
408	Opt-in email	adehnert		"Another approach to handling our ""we keep getting marked as spammers"" issue (see also #357, #407) is to require users to opt-in or do something special to send mail, thereby preventing your average untargeted spammer from being able to exploit us to source spam.

We probably want to make sure that our autoinstallers (WordPress and MediaWiki in particular) are able to send account confirmation emails. We could automatically opt in anybody who runs those, but I bet that'll substantially limit the number of people we can catch. Another approach is to patch them to use some special default-enabled mechanism that untargeted spammers wouldn't try:
 * have a magic string like `current-locker-owner@scripts.mit.edu` that's always allowed and rewrite it
 * some simple API that allows unblocking mail for ten minutes, and call it right before sending mail
 * SMTP server running on a separate port or IP that isn't blocked, and configure them to use it instead

Notes on some of our common autoinstalled things:
 * WordPress doesn't obviously document their mail setup
 * MediaWiki can be [http://www.mediawiki.org/wiki/Manual:$wgSMTP configured to use a custom SMTP server], or uses PHP's mail function by default
 * Django has [https://docs.djangoproject.com/en/dev/topics/email/#smtp-backend pluggable mail backends] -- we could write our own, or configure the SMTP backend to use a [https://docs.djangoproject.com/en/dev/ref/settings/#std:setting-EMAIL_HOST custom host/port]"	enhancement	new	normal		mail		opinionated