Also, the info could be a temporary pop-up or notification (that does not accumulate, the notification would be a one-blurp, not a “history”) for the latest notification in the admin panel, so you aren’t bogged down with potential bullcrap.
There can also be opt-in/opt-out features for it. If you don’t like the emails, you can just shut it off.
@paradoxbound, @blinkingline. Yes, and that is exactly what I am getting at. If you download Mail-in-a-Box and it magically works, you don’t need to talk to us on the forums.
Now thinking about it, it would probably be best if announcements were uploaded to a Git repository, then periodic web requests made to the git repository, any new announcements would be pulled. Then the script running on the local box would take the email on the Git repository and locally send it to the admin as an email. Then there would be an opt-out link at the bottom of all the emails, which would lead to the user’s own webserver which would simply tell the script “hey, stop taking announcements and emailing them to me”.
We should also include a “privacy notice”, explaining to them that the emails are coming from their own mail server, and that we don’t know what their email address is. If I wanted privacy, but felt like I was auto-subscribed to something, I would be very upset. So to conform to the mental ergonomics (i.e. market this), we explain that their email address is not exposed to mail-in-a-box.
We should also set a policy that an email can only be sent only once every 24 hours, that the user’s script would enforce, so if the system gets hacked, there would only be one spam email sent out, provided someone reports the spam within 24 hours. To encourage people to report spam, we could include a link or email address to report spam.
To reduce server load, we could also have the script check at random intervals. If we have everyone check the server at midnight UTC, the server would be (could get) overloaded. We could have it check randomly, between 15 minutes and 30 minutes.
We can also digitally sign all the emails. But then that brings into question–which certificate authority? We gonna try paying for a “valid” CA, or are we going to try to manage our own?