Avoid spam report for AWS SES email service #1692

Open
pombredanne opened this issue Dec 10, 2024 · 1 comment
@pombredanne

When deploying VCIO in public instances, there can be cases of abuse by spammers that request API keys for some random email and these folks can then rightfully complain that this VCIO instance is a source of annoyance.

Here I think a spammer requested an API key for someone else on public.vulnerablecode.io and this created the spam signal @ AWS.

complaints via nexb-support
Attachments
Dec 8, 2024, 6:05 PM (21 hours ago)
to support

This is an email abuse report for an email message from amazonses.com on Sun, 8 Dec 2024 07:25:16 +0000

---------- Forwarded message ----------
From: [email protected]
To: --------------
Cc:
Bcc:
Date: Sun, 8 Dec 2024 07:25:15 +0000
Subject: Re: VulnerableCode.io API key request

We should design a way, possibly with some captcha or similar, or integration with some auth thing like GH or Google, to make this more difficult for spammers.

We should also improve the text of the email with something like:

You (or someone pretending to be you) has requested a VulnerableCode API key
at https://public.vulnerablecode.io/account/request_api_key/ from this address:
    123.129.33.123

If you have not requested this API key, you can safely ignore it.  If you have any problems please contact [email protected]

The text template is below and also needs some love and updates:
