File Request Email Validation
Provide the ability to have the email address provided in a File Request form to be validated either generically to make sure the email is a real address or to require them to authenticate themselves. This is critical for organizations that have strict security and compliance requirements and can't accept the risk of someone getting a hold of the File Request link and uploading malicious content or inundate their folders with nonsense files.
AdminChristopher Muckle
(Admin, Box)
shared this idea
I suggest customers look into Shield, a newer Box offering that provides malware detection. If turned on, it scans all content uploaded to Box including the ones from file requests (as well as any file when it's active - e.g., on preview, share, edit, copy, etc. events)
-
Matt Stofka
commented
In response to Anonymous' reply today: while Shield certainly addresses the malicious content referenced in the original post, I think the primary need for email validation is to simply ensure that the person submitting the File Request indeed owns the email address they're entering into the email field that might be required on the File Request form. Anyone can fill out a File Request form and provide any email address without any confirmation that they own the email address they entered. Perhaps Box could text a 6-digit code to the email the user enters and then ask the user to enter that code on the next screen, thereby validating that they own that email. This would then give confidence to the person who owns that File Request folder that the uploader email is correct.