Provide security from e-mail validation abuse
Provide improved security from abusive/malicious/duplicate e-mail validations. currently the mailgun system is setup to accept validations without any checks or limits (other than your monthly limit set in your account). A malicious user or failure in code could generate hundreds or even thousands of duplicated e-mail validations without warning and mailgun would expect payment for these validations. The end result is you could be paying for e-mail validations that some malicious person generated or from some unknown failure on your web server. Currently Mailgun makes it difficult to determine where the abuse / trouble is coming from since there is no log reported for e-mail validations. The log is not the only answer, Mailgun needs to offer protection of duplicated requests much like a credit card does for duplicated transaction.

1 comment
-
Danil Smirnov commented
I would suggest two relatively easy-to-implement improvement on the validations security:
1) Allow users to define allowed Referer header value and then drop requests with different value
2) Introduce daily limit in addition to the monthly one, which will further mitigate the abuse threat
Please vote for this!