User management

The user management of MailFlow Relay is constructed on the basic assumption that 95% of users will never so much as notice the system let alone interact with it.

Account creation

On initial login with an email address the system will create an account iff none exists yet and the account is on the self-service allowlist. Any other attempts will be logged and discarded. The user is then send an email-OTP to complete the signup. By default all users get the "user" role.

Initial admin access

The first ever account to be created on the instance will be assigned the role "admin" and not require email-OTP as the code is transparently returned. this allows setup of an instance that is yet unable to send emails without needing to leave the browser.

User Management

By the user

In the account manager any logged in user can change the following settings about their own account:

Their email address
The pingback behaviour
The local display language

By an admin

System administrators can change any account on the instance including everything a user can configure (except language) as well as the user role. Role management has an exception that one cannot remove the admin role from the current account and there must always be at least one admin.

An admin may delete any non-admin account. To delete an admin access it is required to first demote the target account to regular user.

Cascading changes

When the email on an account is changed this change is cascaded throughout the system into all subscriptions and into the allowlist.

Deleting a user deletes it from all subscriptions but keeps the email in the allowlist.

Account creation​

Initial admin access​

User Management​

By the user​

By an admin​

Cascading changes​