Code

Opened 6 years ago

Closed 3 years ago

#9281 closed (worksforme)

emails are displayed by django bug tracker and harvested by spam robots

Reported by: orzel Owned by: jacob
Component: *.djangoproject.com Version: 1.2
Severity: Keywords:
Cc: andre.miras.same.here@… Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

Hello. I'm using an unique email address to report bugs on django (the spamgourmet stuff) and I'm now getting spam though this address. I've put this very same email address in google, and it indeed finds my bug report pages in django trac stuff. Which confirms that the address is 'visible' from un-identified user on the site.

I've confirmed that by going to the same page while not being identified, and looked at the page source : the email is displayed in the page, raw.

This is really surprising, as I'm using spamgourmet a lot, especially on *.com sites, and so far this is the first time I ever got some spam through this. I'll probably get more spam just by filling this bug report.

I've used other trac-based report pages, and I did not have the problem. So I have hope this is not something you cannot manage to do with trac. Or maybe this is because of the high 'visibility' / pagerank of django website ?

I hope you can do something about this.

Attachments (0)

Change History (7)

comment:1 Changed 6 years ago by orzel

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset

Precision. This seems to happen for anonymous posting (I probably created the the ticket entry before having an account here, this is #6541). Still, emails should not be displayed on the internet for anonymous people, don't you think so?
greetings.

comment:2 Changed 6 years ago by julien

The best approach would be email obfuscation, but that would require an upgrade of Trac. I don't know if the Devs are ready to do it though, as upgrading Trac can be quite tedious and tricky.

See the Trac's Trac page about the email obfuscation issue: http://trac.edgewall.org/ticket/153

comment:3 Changed 5 years ago by Andre

  • Cc andre.miras.same.here@… added

comment:4 Changed 5 years ago by jacob

  • Owner changed from nobody to jacob
  • Status changed from new to assigned

comment:5 Changed 5 years ago by jacob

  • Triage Stage changed from Unreviewed to Accepted

comment:6 Changed 3 years ago by orzel

  • Version changed from 1.0 to 1.2

I keep on being flooded by spam on this email. And as another side effect... i dont receive mails about the tickets here. They are flagged as spam.
This ticket system is based on trac, right ? (or even is 100% trac?). Doesn't trac have something for obfuscating mail ? I dont use it, but i would be surprised it does not.

comment:7 Changed 3 years ago by justinlilly

  • Resolution set to worksforme
  • Status changed from assigned to closed

Looks like this has been fixed with the latest Trac upgrade.

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.