Hi,
A client has an e-mail signup form (UserManagement) on their page, the only thing this form does is accept e-mail submissions, therefore the checkbox EmailAllowed is not necessary.
BUT somehow a bot or script is attacking the page (65000+ visits from same IP) filling in random e-mails from some kind of crawled e-mail index from the content pages and setting the EmailAllowed checkbox to FALSE, resulting in the employees from the company having their e-mail permissions set to FALSE. As of now we have set the EmailAllowed checkbox as a hidden form field, but this might not be enough.
FEATURE REQUEST: We would like to be able to control that this form/module can only be used to Create profiles NOT "Create profile / Manage subscription" as it is today. In the old days we had a possibility to tell the newsletter form/module wether it should be a "create or delete" form, we somehow need this again to avoid this kind of attacks, or another workaround.