I want an opinion. If you have a rule to not allow signups with some email domain, would you expect it to also apply to signup requests, when your server is in manual-approval mode?
Mark that domain as suspicious so I take more time with this signup request.
And a third option: make signups open, except for the domain.
The second and third option require different UI and are technically specialized lists for different purposes than simple blocking. So I would answer with the first option.
Not "expect" directly.. Ideally I would want to have a) clear knowledge of the behavior, b) be able to inform myself about its effect (e.g. see log or alerts), and c) change a setting that allows me to override the rule in manual-approval mode.
Question is what should be default behavior. Say I launch a server exclusively for journalists, set a rule to block yahoo.com ('not trusted') and no manual approval. The time I find a 100 blocked journalists, is when I already lost them.
Safest might be to launch a server in manual-approval mode for a bit, and then see approval request with a clear red box or something saying "Blocked by email rule, do you want to override and approve the account?"
Add comment