This seems to open up a number of potential security issues (which Malte, DaveB and I have discussed briefly) which really warrant wider debate and scrutiny.
Malte suggested that I kick this off in the Forum here, so to get it going:
EXAMPLE USE CASE
A company deals with an agency. All mail goes to the
reception. The reception then forwards the incoming customer mails to the people concerned.
All mails recieved from a customer that are related to a project need to be stored along with the project as a comment or mail-tracking in the OpenACS system.
Personally I have grave reservations about allowing emails to get as far as the database!
It seems to me that if we do this we will be effectively using email as a way of triggering the execution of code on the webserver and also as a means of posting data via the webserver app to the database. This is almost like making email to the domain a valid db transaction. Sounds highly insecure to me. In the absence of checks and balances, is this not asking for problems with malicious emails and DoS attacks? Doesn't it completely circumvent the site session security?
Opening up a port for a mail transport agent on the computer running the webserver is something that I personally try to avoid for reasons of security, performance (exposure to high inbound email traffic loads that you cannot control) and bandwidth - for servers
on pay-per-byte backbone network hosting deals your exposure to email traffic once you open up an smtp server makes your bandwidth cost unquantifiable and uncontainable.
Sounds dangerous if to me, and ultimatelty offers nothing that a link in a notification email to the site won't accomplish! Initially I asked "why not communicate using the extensive facilities in the community system rather that have insecure, pstn emails flying around all over the place that then require another layer of admin to keep together?". The answer is that for a reception handling 100's of emails per day, keep having to login to the site to copy and paste the email text is cumbersome. I can understand this point of view.
Having used a system like this I understand its seductive convenience. I think that it would be a really good feature to have if we can figure out a secure(ish) way to do it.