Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Privacy Issue: "Verified Sender" Tab shows details of all websites linked to a AWS Account #17

Open
shibindinesh opened this issue Aug 13, 2020 · 3 comments
Open

Privacy Issue: "Verified Sender" Tab shows details of all websites linked to a AWS Account #17

shibindinesh opened this issue Aug 13, 2020 · 3 comments

Comments

@shibindinesh
Copy link

The "Verified Sender" tab shows every Domain which we have verified for that particular region and thus using this Plugin on a client site will enable them to see other websites we manage that use the same service.

For individual users, this may not be an issue as there is only one domain, but I am sure there will be many developers who use SES to manage email delivery for multiple client sites and for us, one major factor of using AWS SES is the freedom to manage multiple websites from a single account and region making it very easy to manage to bill and keep track of accounts.

Since the users are created separately with their own unique Access keys for the SES to work, is the "Verified Sender" tab necessary to be shown in the plugin setting page? Or can you think of any method to show only the domain associated with the website and not every domain?
@sanzwebdevelopment
Copy link

sanzwebdevelopment commented Aug 31, 2021
edited
Loading

Wondering if there is a response to this as well? I'm hosting a number of clients on a Vultr server, managed by SpinupWP so there is no mail configured on the server. Was hoping all client sites could send through the one SES setup, just different "users" configured, however can now see that each client domain is listed. How do we "hide" this info?

UPDATE - found that adding define( 'WPOSES_HIDE_VERIFIED', true ); to functions.php hides that tab. This will do nicely :-)

@jonathanbossenger
Copy link

Thanks, @shibindinesh and @sanzwebdevelopment , I'll make sure to add this info to our help docs.

@crobbinsdg
Copy link

Technically all the other identities are still saved to your database. The constant WPOSES_HIDE_VERIFIED only hides the UI in the Wordpress Admin.

If you are adding your identities outside of the plugin and you'd like to not have that data available at all just leave off the appropriate actions from your IAM Policy. Example remove ses:VerifyEmailIdentity, ses:DeleteIdentity, ses:GetIdentityVerificationAttributes, ses:ListIdentities, ses:VerifyDomainIdentity

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@jonathanbossenger @shibindinesh @crobbinsdg @sanzwebdevelopment