undefined | Better HN

0 pointslyime1y ago0 comments

What would be a more secure (yet reliable) method for email delivery for such emails?

0 comments

Make the link in the email https://mercury.com/something instead of https://mailgun.com/something (which then redirects to https://mercury.com/something). Or (in addition to, or instead of, a hyperlink) provide a 6-10 digit numeric or alphanumeric code that could be copied out of the email message into a form field on the signin screen.

MaxGabriel1y ago

> 6-10 digit numeric or alphanumeric code that could be copied out of the email message into a form field on the signin screen.

To be clear this is what we're trying to avoid. An easily typeable code like that can be typed into a phisher's website.

1 more reply

sebastiennight1y ago

My understanding (as CEO of a startup using Mailgun for magic links) is that you're seeing mailgun in the URL because they have click tracking enabled — which, to be fair, is not super useful in the case of verification emails.

They could use a custom subdomain for this click tracking and "hide" the mailgun url from you, but we're finding that for some reason Mailgun doesn't just use a let's encrypt certificate, so some users will complain that the tracking links are "http" (and trigger a browser warning when clicked).

Anyway, even with click tracking disabled and links going straight to mercury.com, the security issue would remain the exact same (since Mailgun logs all outgoing email anyway).

But my understanding is that the contents of that email and its link do not provide "login" capability but "verification" capability. As such, a Mailgun employee accessing your data, or an attacker accessing your Mailgun logs, would only be able to "verify" a login that they had already initiated with your password AND your OTP —which means that's effectively a third hurdle for an attacker to breach, not a one-step jump into your account.

j / k navigate · click thread line to collapse