Opened 8 years ago

Closed 6 years ago

#9281 closed (worksforme)

emails are displayed by django bug tracker and harvested by spam robots

Reported by: Thomas Capricelli Owned by: Jacob
Component: *.djangoproject.com Version: 1.2
Severity: Keywords:
Cc: andre.miras.same.here@… Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

Hello. I'm using an unique email address to report bugs on django (the spamgourmet stuff) and I'm now getting spam though this address. I've put this very same email address in google, and it indeed finds my bug report pages in django trac stuff. Which confirms that the address is 'visible' from un-identified user on the site.

I've confirmed that by going to the same page while not being identified, and looked at the page source : the email is displayed in the page, raw.

This is really surprising, as I'm using spamgourmet a lot, especially on *.com sites, and so far this is the first time I ever got some spam through this. I'll probably get more spam just by filling this bug report.

I've used other trac-based report pages, and I did not have the problem. So I have hope this is not something you cannot manage to do with trac. Or maybe this is because of the high 'visibility' / pagerank of django website ?

I hope you can do something about this.

Change History (7)

comment:1 Changed 8 years ago by Thomas Capricelli

Needs documentation: unset
Needs tests: unset
Patch needs improvement: unset

Precision. This seems to happen for anonymous posting (I probably created the the ticket entry before having an account here, this is #6541). Still, emails should not be displayed on the internet for anonymous people, don't you think so?
greetings.

comment:2 Changed 8 years ago by Julien Phalip

The best approach would be email obfuscation, but that would require an upgrade of Trac. I don't know if the Devs are ready to do it though, as upgrading Trac can be quite tedious and tricky.

See the Trac's Trac page about the email obfuscation issue: http://trac.edgewall.org/ticket/153

comment:3 Changed 8 years ago by Andre Miras

Cc: andre.miras.same.here@… added

comment:4 Changed 8 years ago by Jacob

Owner: changed from nobody to Jacob
Status: newassigned

comment:5 Changed 8 years ago by Jacob

Triage Stage: UnreviewedAccepted

comment:6 Changed 6 years ago by Thomas Capricelli

Version: 1.01.2

I keep on being flooded by spam on this email. And as another side effect... i dont receive mails about the tickets here. They are flagged as spam.
This ticket system is based on trac, right ? (or even is 100% trac?). Doesn't trac have something for obfuscating mail ? I dont use it, but i would be surprised it does not.

comment:7 Changed 6 years ago by Justin Lilly

Resolution: worksforme
Status: assignedclosed

Looks like this has been fixed with the latest Trac upgrade.

Note: See TracTickets for help on using tickets.
Back to Top