Skip to content

GitLab Next

    • GitLab: the DevOps platform
    • Explore GitLab
    • Install GitLab
    • How GitLab compares
    • Get started
    • GitLab docs
    • GitLab Learn
  • Pricing
  • Talk to an expert
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
    • Menu
    Projects Groups Snippets
  • Sign up now
  • Login
  • Sign in / Register
  • GitLab GitLab
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
    • Locked Files
  • Issues 43,125
    • Issues 43,125
    • List
    • Boards
    • Service Desk
    • Milestones
    • Iterations
    • Requirements
  • Merge requests 1,360
    • Merge requests 1,360
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
    • Test Cases
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Packages & Registries
    • Packages & Registries
    • Package Registry
    • Container Registry
    • Infrastructure Registry
  • Monitor
    • Monitor
    • Metrics
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Code review
    • Insights
    • Issue
    • Repository
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar

GitLab 15.0 has launched! Please visit Breaking changes in 15.0 and 15.0 Removals to see which breaking changes may impact your workflow.

  • GitLab.org
  • GitLabGitLab
  • Issues
  • #31509
Closed
Open
Created Sep 02, 2019 by Liam McAndrew@lmcandrew🏊🏻Developer2 of 2 tasks completed2/2 tasks

Rate limit email blast from Admin area

Summary

As per @manojmj's comment in https://gitlab.com/gitlab-org/manage/issues/62#note_206297931

Admins can send an email blast to users from the admin area. Currently, there are no limits to this. Although admins are assumed to be good actors, even with good intent, sending an email blast to a lot of users can hold up the job queues and cause delays in other jobs. Do you think this feature should also have rate-limiting?

Proposal

Rate limit the frequency of sending instance-wide emails from the admin panel (/admin/email).

  • I think this is UI only and there's no relevant GitLab API for this.

Proposed rate limit: 1x every 10 minutes.

  • Present an error banner to the user when this limit is violated, displaying the number of minutes remaining until they're able to send another blast.

Ideas

  • We could consider rate-limiting this action, preferably not on the number of emails, because there could be a genuine case to send emails to all users, but on the frequency of the action itself (as an example: email blasts can be sent by admin only once in 30 minutes, irrespective of the number of users)
  • If we decide we don't want to expose limits, we can still help the admin a lot - e.g. by showing a warning that such action might have adverse effects on instance performance.

The issue is marked as confidential as the lack of limits could potentially be abused.

Issue readiness

  • Product: issue description is accurate with an acceptable proposal for an MVC
  • Engineering: issue is implementable with few remaining questions, is sufficiently broken down, and is able to be estimated
Edited Apr 17, 2020 by Liam McAndrew
Assignee
Assign to
Time tracking