when changing e-mail, send a notice to the old e-mail

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

when changing e-mail, send a notice to the old e-mail

dlang
when changing e-mail addresses, you should send a message to the old e-mail address, just in case it's not really that person making the change.
Reply | Threaded
Open this post in threaded view
|

Re: when changing e-mail, send a notice to the old e-mail

Peter <Nabble>
The password is required to make such change.
Even if it was implemented, what would happen if it was not the real user (which should not be possible since the password is required):
- If it is an e-mail with some sort of link or code to change back the e-mail, the owner of the previous e-mail would get notified and would probably do nothing because the thief would have changed his password already.
- If it is a confirmation e-mail which he would have to reply so the e-mail change is confirmed, it would prevent legitimate e-mail changes by users who lost access to their old account.

I really don't think that is a nice feature to implement.
Nabble staff. We never ask for passwords.
Reply | Threaded
Open this post in threaded view
|

Re: when changing e-mail, send a notice to the old e-mail

dlang
as you say, the message to the old account cannot require confirmation
because the user may not have access to it.

it would be a notification that the change has happened, so if the user is
not the one who made the change they can know that someone else is
accessing their account. If the password has not been changed, they can
change it. If the password has been changed, they can notify you that
there is a problem (a dispute of ownership of the account)

David Lang

On Wed, 1 Jun 2011, Peter <Nabble> [via Nabble Support] wrote:

> The password is required to make such change.
> Even if it was implemented, what would happen if it was not the real user
> (which should not be possible since the password is required):
> - If it is an e-mail with some sort of link or code to change back the
> e-mail, the owner of the previous e-mail would get notified and would
> probably do nothing because the thief would have changed his password
> already.
> - If it is a confirmation e-mail which he would have to reply so the e-mail
> change is confirmed, it would prevent legitimate e-mail changes by users who
> lost access to their old account.
>
> I really don't think that is a nice feature to implement.
>
> -----
> Nabble staff. We never ask for passwords.
> _______________________________________________
> If you reply to this email, your message will be added to the discussion below:
> http://nabble-support.1.n2.nabble.com/when-changing-e-mail-send-a-notice-to-the-old-e-mail-tp6424934p6428544.html
>
> To unsubscribe from when changing e-mail, send a notice to the old e-mail, visit
Reply | Threaded
Open this post in threaded view
|

Re: when changing e-mail, send a notice to the old e-mail

Hugo <Nabble>
Hi David, I agree we should send a notification to the old email. This will be implemented now. I will let you know when this is released.