Hello Matomo Teams.
With the implementation of the invite function in Matomo 4.11.0, there are many opportunities to send emails using Matomo applications.
As a result, the risk of sending incorrect emails due to mistakes in email addresses has increased.
Is there a function to restrict the domain of the email address to be sent to, so that it cannot be sent to other domains?
If not, would you implement it?
Hi @okumuryu, thanks for the suggestion, this does sound like a useful security feature. At the moment there is no option to restrict emails sent by Matomo to specific domains.
Depending on how your Matomo server is configured to send email, it may be possible to implement this restriction using Mail Transport Agent rules on the server. For example, your server uses postfix as an MTA then you could add a transport rule to block delivery of any emails other than to your company domain.
It is certainly possible to restrict mail domains with postfix.
However, I think it is possible to use Matomo safely by restricting not only by postfix but also by Matomo application.
This would be something that could also be implemented quite easily in a new plugin.