The forum exposes my email address (accounts page says it will not be made public)

Project:Web
Component:Email
Category:feature request
Priority:minor
Assigned:david
Status:active
Description

When somebody replies to my message on the forums, my email address is visible! Spambots harvest the web for email addys. This is not good.

Also, in the profile settings it says "The e-mail address is not made public and will only be used if you wish to receive a new password or wish to receive certain news or notifications by e-mail."

Thu, 05/13/2010 - 13:26

We can't stop users from posting email addresses. But they are not accessible to spambots, a filter masks them so the actual text shown is "foo [at] bar [dot] com".

Thu, 05/13/2010 - 13:57

I'm sure many spam bots can decypher that address.

Perhaps coupling together the forums and the mailing lists isn't a good idea.

Sun, 04/01/2012 - 04:42
Title:The forum exposes my email addy» The forum exposes my email address (accounts page says it will not be made public)

I am altering the title of this to better reflect the problem.

The problem is that the account's page says:

"The e-mail address is not made public and will only be used if you wish to receive a new password or wish to receive certain news or notifications by e-mail."

Which is not true as the email addresses are made public on the mailing list (since the forums and mailing list are linked). This is a contradiction. We either need to hide the email addresses (which as stated above can only apparently be obfuscated) or alter the message on the accounts message and let users know it will be made public if they post on the forums.

AttachmentSize
Screenshot-3.png 16.91 KB
Mon, 07/09/2012 - 17:00
Priority:normal» critical

Forum Discussion

Fri, 12/07/2012 - 08:22

i just want to vote for this bug to be hot. i dont like my email to be visible too. and i dont think the masking by [at][dot] is any strong. especially since we seem to have human spammers also. a bugfix is much appreciated.
could i possibly work on that? maybe it's just the behaviour of the reply functionality that needs small modification?

Sun, 07/14/2013 - 17:25

I want to express my support for this critical bug even though it's already three years old.

My standing is that privacy should default. This bug addresses this issue.

Yet even more importantly, the forum community needs at least the option to opt-out of email address sharing. I have no idea who the mailing list sends emails to, but they all get to see my email address.

User @Zancudo said that he could work on this bug but it is still unassigned.

Mon, 07/15/2013 - 09:45
Assigned to:anonymous» david

Hello, freedom-friends!

We're aware of the complicated nature of this problem; we understand that this is not the usual behaviour in most websites, making it unexpected (even if we changed the note below the email address input of the account page last year).

The fact that makes it complicated is that looking at the amount of contributions from the forums and from the lists over the same topics, it's shown that we have a lot of helpful users on both systems interacting in such a way that could not be preserved if we unlinked the forums and the mailing lists. Specifically, the problem where addresses are shown in the forum comes explicitly from when a mailing-list user replies citing to a post.

Given the nature of mailing lists, it's not easy at all to provide anonymity when using them; seemingly, even Mailman "anonymous_list" option warrants only some perception of anonymity defeated by mail headers, and it would break the Drupal forum integration anyway.

We'll continue thinking of a way of managing this in a better way, and we're open to reasonable suggestions, of course; meanwhile, we're sorry for the inconvenience this may cause, and would ask people who would like their "obfuscated" address to be edited out from some post replies to please contact the particular user about it, since that's likely to be perceived less as an censoring attempt from an overzealous mod :-)

Sat, 07/20/2013 - 01:01

A good manual way to obfuscate an address is:
address -which happens to be at- example.com

Sun, 07/28/2013 - 16:13

This site is likely using SpamSpan. It's definately crawlable.
You may want to consider Graceful Email Obfuscation Filter instead, it's also more up-to-date: https://drupal.org/project/geo_filter

Thu, 08/08/2013 - 10:57

Why not just completely filter out all email addresses that are contained in the members database?

Users can make direct contact via the profile/contact page - and exchange email addresses, if they want to.

Thu, 08/22/2013 - 10:27

Please help me repair the glitch that exposes email when quoted. BTW, the member who quoted me has a block against contacting him/her/it. Thanks.

Have you ever considered different forum designs?

Our crew likes Gizmo's "Debating Chamber" - It is similar to Trisquel's "Troll Hole" :)
www.techsupportalert.com/freeware-forum

"The Lounge" at Unix has no free beer!
www.unix.com

www.linuxforums.org/forum
www.linuxlinks.com/portal/phpBB2
www.linux.org/forums/#front-office

Thu, 05/08/2014 - 09:35

As I understand, mailman is used for the mailing list and Drupal forum integration is used to provide a forum based on the mailman database.
1. Is is it possible to know what version of those software are used?
Because I would like to test on my home LAMP server.
2. What is the software containing the e-mail address/login informations (and what is it's version)?
The second question is asked because the solution I first think about is to replace the e-mail address by the login-name when the mailman database is integrated as a forum.
3. Are there any archives of the mailman database and is it's access protected by a login/password connection and is this last one protected by a captcha?
Because if not, all effort to protect the forum would be ruined by the access to those archives. Any way, I would recommend, as the mailman database is reproduced as a forum, not to have any mail archive exposed in the internet.

Sun, 05/11/2014 - 20:05

A possible solution would be to put a "name at domain" alias address in the mail instead of the user's when he posts something in the forums that goes to the mail lists. Perhaps that alias could redirect messages to the user's e-mail address at his discretion. (Sorry; non-English [i.e., barbarian] speaker here.)

Sun, 07/20/2014 - 15:55

I don't agree, the all e-mail should not be displayed even if it is only human readable, in a mailing list I was involved in, in the web-archives, the e-mail address was automatically changed so: name at domain to adresse@... so, you could see the user name but not his e-mail provider (or domain name).

Wed, 03/16/2016 - 08:21
Component:Foro» Email
Category:bug report» feature request
Priority:critical» minor

Could this feature be optional? and modified

Personally i have a dedicated email address for mailing lists forums ect but some users sign up and use their private or current email address then discover to their surprise that their email address is visible on mailing lists
https://trisquel.info/en/forum/probl%C3%A8me-de-vie-priv%C3%A9e