Currently, Phabricator does not maintain its own mail address bounce list.
In many cases, this isn't much of a problem because providers do it for us. Notably, Mailgun and Postmark both maintain a bounce list for you.
However, there are still two broad concerns:
- Some providers, like SES, don't handle bounces.
- Because we don't have API support for third-party bounces, there's no way to manage the bounce list from within Phabricator or see that your address has been blacklisted. This particularly affects hosted instances in Phacility, who must interact with an actual human via support if they, e.g., create a new hire's Phabricator account before fully setting up their Gmail mailbox.
- See PHI412. This is approximately a request for SES bounce support.
- (Via Email) Today (April 2, 2018) a Phacility install reported an issue with their mail provider over the weekend which caused more than a dozen addresses to bounce. I resolved this via script, but it would have been more convenient to resolve via a UI in Phabricator.
- See PHI641. This is a case where user visibility into blocklists would have improved things.
The list would look something like this:
- Keep track of first-party bounces (users can add/remove blocked addresses explicitly) and third-party bounces (mirroring the Postmark and Mailgun lists via API) and semi-third-party bounces (bounces reported by SES, which have no corresponding object in the remote system).
- Webhook support for SES, Mailgun, and Postmark, to learn of new bounces.
- Deleting a third-party bounce in Phabricator should also delete it in the third-party system.
- The mailer should decline to deliver to addresses on the bounce list.
- Possibly, some UI hinting like "hey your address bounced".
- Possibly, some easy way to review (just from /mail/?) bounces.
- Possibly, some way way to re-send bounces.
- MailGun has a separate "Complaints" list. This should probably be a single list on our side but maybe differentiate the two.
- We should use the terms "bouncelist" or "blocklist" or similar, not "blacklist". Although I think ascribing any real racial malice to the terms "blacklist" and "whitelist" is probably a bit of a stretch and there doesn't seem to be any etymological racism in these terms, they do quite reasonably sound kind of racist in a modern context, and it's easy to avoid them without any loss of clarity.