Hacker News new | past | comments | ask | show | jobs | submit login

But it's implemented now in such a way that anyone can get an email in there by simply crafting the From address carefully. Out of the lesser of two evils, I know which one I would vote for.

Besides, since in the proposed solution the system is creating the filter, it could bypass checks that require the label not be sent. Just because it shows in filters, and it can be removed from filters by the user, doesn't mean it has to be able to be created through the normal filter mechanism. You still have a "system of record", if that's how we want to refer to this feature, it just requires a single initial setup step on the first received email that is intended to be kept as sent. That's entirely in line with how Gmail currently does things, such as allowing alternate From addresses (which requires an authorization step).

I'm on board with this style of thinking. After reviewing the comments with the linked tagging behavior it's clear that Google is ignoring the spirit of RFC 2822 3.6.2-3.6.3 in order to shoe-horn in a feature of some possible utility, at the expense of the average customer's security.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact