Forum email has been enabled.

johnraff · 2022-11-16 09:26:20

The BunsenLabs forum software email sending functionality has been restored.

Instead of the former Sendgrid, we are now using Amazon's AWS SES email service. Any email traffic sent to you from our forum system will go through this service. As such, AWS privacy policy and terms of service apply. See also the AWS Data Privacy FAQ.

Points to note:

Email subscription notifications are now possible. See your Profile > Privacy > "Set your subscription options". Notifications of new posts in subscribed topics will be sent to your registered email address.
It's now possible to send an email to another user via the forum email form. To receive emails like this you have to go again to Profile > Privacy and select "Hide your email address but allow form email". (It's not recommended to choose "Display your email address to other users".) If a user has enabled form emails there will be an "Email" link below their avatar which you can click to send one. A form will open where you can enter the message title and contents. Users sending emails this way will not see the recipient's email address, but the recipient will of course see the sender's address. You can reply to such an email in the usual way. If you don't want to reply you can ignore the message - the sender will not know your email address unless you reply.

dolly · 2022-11-19 11:57:37

Thank you for the update @johnraff.

unklar · 2022-11-26 12:13:22

To improve data protection, Amazon offers developers the option to re-encrypt data stored on AWS themselves - even when using an official software development kit.

Do I understand correctly, @johnraff, that you additionally encrypt the email traffic of the forum before it is stored on the aws server?

johnraff · 2022-11-27 01:53:49

unklar wrote:

Do I understand correctly, @johnraff, that you additionally encrypt the email traffic of the forum before it is stored on the aws server?

No.

Email is basically as public as a postcard. It's possible for two users to arrange to encrypt the content of email messages they send to each other, if they exchange keys, but even then the headers are not encrypted so the message routing is open for others to read.

BL forum email is:
1) Confirmation of a new registration. This will hold a password, so the newly registered user should change their password after first logging in.
2) Notifications of new posts. There is nothing private here.
3) Emails sent to other users via the form. Users should take care not to put anything sensitive in such messages. That applies to all email anyway (and also applied to Private Messages in the past).

Please see our privacy policy: https://forums.bunsenlabs.org/misc.php? … acy-policy
(NB Private Messages are disabled; references to Private Messages apply to the previous system.)

For the forum to implement encryption of email messages would be complicated and serve little useful purpose.

unklar · 2022-11-27 09:02:11

Thanks for your response, @johnraff.

Then I will not use the email traffic of the forum, because I am fundamentally suspicious of the handling of American providers (ASW Amazon) with the European data protection regulation (DSGVO).

johnraff · 2022-11-28 02:56:58

Hi Unklar, I quite understand your feelings about entrusting data to a US-based company. I guess many users - including me - will share them.

Our forum server is based in the EU (German company, Hetzner) and we considered using that same server for email sending, but there are technical complications. Hetzner are understandably afraid of being labelled as a spammer, and do not seem enthusiastic for their customers to send out automatically generated emails - some negotiation about port opening and traffic restrictions might be needed. AWS SES of course also care about that, and they check that users (like us) are correctly implementing authentication mechanisms like DKIM. I think we have set things up correctly. We still might consider switching to Hetzner for SMTP mail in the future, if things could be worked out.

Some other points to note:
1) Previously, the BL forum was using Sendgrid, another American company, to handle SMTP mail sending.
2) Our AWS SES SMTP mail server is located in the EU (Frankfurt) so will be subject to EU law.
3) Our mail server is SMTP only. Mails come from the forum software and are sent out to their destination. No incoming messages are received and no messages are stored on the AWS server, with the exception of "bounce" messages which are passed to BL.
4) AWS do seem to be making efforts to conform with EU regulations. How much you trust them to do this is of course up to the individual.
https://aws.amazon.com/compliance/gdpr-center/
https://aws.amazon.com/compliance/eu-data-protection/
https://docs.aws.amazon.com/ses/latest/ … ction.html

But anyway not to use the forum email sending form or to receive automatic notifications of new posts is a choice all members are free to make.

It is, though, a condition of membership to keep a valid email address recorded on your account here. This is so you can be contacted by forum staff if necessary. Such emails would not be sent by the forum software, but by individuals, and would not go via AWS SES. A possible exception here might be if there was a breach of security needing us to send out a mass email to all members. This (hopefully unlikely) case will need some further thought down the road.

@Unklar, and all members, I hope this clarifies the situation.

#1 2022-11-16 09:26:20

Forum email has been enabled.

#2 2022-11-19 11:57:37

Re: Forum email has been enabled.

#3 2022-11-26 12:13:22

Re: Forum email has been enabled.

#4 2022-11-27 01:53:49

Re: Forum email has been enabled.

#5 2022-11-27 09:02:11

Re: Forum email has been enabled.

#6 2022-11-28 02:56:58

Re: Forum email has been enabled.

Board footer