Feat: Email Reputation Protection: Silent Deletion for Legacy Accounts (v1.4.0) #6

Closed
opened 2025-11-20 23:09:48 +01:00 by DSR-Labs · 2 comments
DSR-Labs commented 2025-11-20 23:09:48 +01:00 (Migrated from github.com)

Feature: Email reputation protection via silent legacy account cleanup

Description
Sending activation reminders to unconfirmed users who registered a long time ago (e.g., several years) poses a significant risk to the server's email reputation. These addresses are often invalid (causing hard bounces) or may have been converted into spam traps. Continuing to send bulk automated emails to these accounts can lead to the server's IP being blacklisted.

We need a mechanism to identify these "legacy" accounts and handle them differently from recent unconfirmed registrations.

Problem
Currently, the system treats all unconfirmed users the same, regardless of how long ago they registered. This means a user who registered 3 years ago receives the same reminder email as someone who registered 3 days ago. This is dangerous for deliverability.

Proposed Solution
Implement a "Reputation Protection" system that introduces a cutoff threshold for account age.

  1. Legacy Account Definition

    • Add a configuration option to define a "Maximum Registration Age" (in days).
    • Any unconfirmed user older than this threshold is classified as a "Legacy Account" and is considered risky to email.
  2. Silent Deletion Strategy

    • Add an option to enable "Silent Deletion" for these legacy accounts.
    • If enabled: The system checks for legacy accounts and deletes them immediately without sending any warning or notification email. This effectively cleans the database while preventing any outgoing traffic to potential spam traps.
    • If disabled: The system should "quarantine" these users (exclude them from the standard reminder process) so they can be reviewed manually in the ACP, ensuring they are not accidentally emailed.
  3. Logging & Reporting

    • The deletion logs should distinguish between standard "Automatic" deletions (users who received a reminder and were deleted later) and "Silent" deletions (legacy users removed for reputation protection).
    • Admin notifications should reflect that these specific deletions were silent to avoid confusion.
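Added example, not part of the original issue or the plugin's code: a Python sketch of the decision proposed above, showing that legacy accounts never reach the reminder list in either mode. The names `User`, `plan_run`, `max_age_days` and `silent_deletion`, the log fields, and the rejection of a threshold below one day are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class User:
    user_id: int
    registered_at: datetime
    confirmed: bool


def plan_run(users, now, max_age_days, silent_deletion):
    """Split unconfirmed users into reminder, quarantine and silent-delete sets.

    Legacy = unconfirmed and registered strictly more than max_age_days ago.
    Legacy users are never added to the reminder list, whichever mode is on.
    """
    # Assumption: a threshold below one day would class every unconfirmed
    # user as legacy and, with silent deletion on, remove them all unseen.
    if max_age_days < 1:
        raise ValueError("max_age_days must be at least 1")
    cutoff = now - timedelta(days=max_age_days)
    plan = {"remind": [], "quarantine": [], "delete_log": []}
    for user in users:
        if user.confirmed:
            continue  # confirmed accounts are out of scope
        if user.registered_at >= cutoff:
            plan["remind"].append(user.user_id)  # recent: normal reminder flow
        elif silent_deletion:
            # "silent" keeps these apart from "automatic" deletions in the log
            plan["delete_log"].append(
                {"user_id": user.user_id, "type": "silent", "email_sent": False}
            )
        else:
            plan["quarantine"].append(user.user_id)  # held for manual review
    return plan


# Constructed sample data (not taken from the issue).
NOW = datetime(2025, 11, 20, tzinfo=timezone.utc)
USERS = [
    User(1, NOW - timedelta(days=3), False),        # recent, unconfirmed
    User(2, NOW - timedelta(days=3 * 365), False),  # legacy, unconfirmed
    User(3, NOW - timedelta(days=3 * 365), True),   # old but confirmed
    User(4, NOW - timedelta(days=365), False),      # exactly at the threshold
]

if __name__ == "__main__":
    for silent in (True, False):
        print(silent, plan_run(USERS, NOW, 365, silent))
```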
DSR-Labs commented 2025-11-25 07:13:27 +01:00 (Migrated from github.com)

🚀 Status Update: Features Implemented & Submitted

The development for the Legacy Account Protection (v1.4.0) is complete. The system has been updated to effectively separate recent unconfirmed users from risky "legacy" accounts, ensuring the server's email reputation is protected.

Completed Implementation Details:

  • Data Storage & Logging

    • Implemented a dedicated storage system to track "quarantined" legacy accounts separately from regular user logs.
    • Extended the existing deletion logs to clearly distinguish between automatic, manual, and silent deletions.
  • Core Logic & Safety Mechanisms

    • Age Detection: Developed the logic to identify "legacy" accounts based on a configurable maximum registration age.
    • Silent Deletion: Implemented a mechanism to remove risky accounts immediately without sending any emails, preventing bounce risks.
    • Quarantine Mode: Users are now automatically placed in a "holding area" for manual review if they exceed the age threshold and silent deletion is disabled.
  • User Interface & Options

    • New Log Page: Added a dedicated "Legacy Accounts (Quarantine)" page in the ACP for reviewing risky accounts.
    • Manual Management: Administrators can now review and manually delete users directly from the quarantine log.
    • Configuration: Added new options to define the maximum registration age and toggle silent deletion behavior.
  • Notifications

    • Updated the administrator notification system to send distinct alerts for silent deletions, ensuring full transparency about why a user was removed.

Current Workflow Status

  • [x] Development & Testing completed
  • [x] Artifacts built ( .tar.gz )
  • [ ] Uploaded to WoltLab Plugin Store
  • [ ] Awaiting Approval by WoltLab Team (In Progress)
  • [ ] Merge into main branch
  • [ ] Publish GitHub Release

Note: This issue will remain open until the plugin has passed the official WoltLab code review. Upon approval, the code will be merged into main and the release published.

DSR-Labs commented 2025-11-25 07:29:27 +01:00 (Migrated from github.com)

Test

Reference
DSR-Labs/de.deinestrainreviews.autoDeleteUnconfirmedUsers#6