Bug 486766

Summary: Bugzilla makes it too easy for spammers
Product: [Community] Bugzilla
Reporter: JW <ohtmvyyn>
Component: Email Notifications
Assignee: Simon Green <sgreen>
Status: CLOSED WONTFIX
Severity: high
Priority: low
Version: devel
CC: collura, ebaak, kbaker, sgreen
Keywords: Reopened
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2012-06-19 06:58:50 UTC

Description JW 2009-02-22 00:01:55 UTC
Description of problem:
To harvest email addresses all a spammer need do is subscribe to various bug reports and just wait until Bugzilla sends some email addresses.

Version-Release number of selected component (if applicable):
current

How reproducible:
Always

Steps to Reproduce:
1. add a comment or file a new big report
2. wait a few days
  
Actual results:
Spam, spam, and more spam.


Expected results:
No spam.

Additional info:
There should be a simple option to prevent one's actual email address from being visible to other registered bugzilla users.

Comment 1 JW 2009-02-22 00:02:48 UTC
Pls change "big report" to "bug report".

Comment 2 David Lawrence 2009-02-23 19:03:53 UTC
We do not currently show the email address now unless the user is logged into a valid bugzilla account.

*** This bug has been marked as a duplicate of bug 447765 ***

Comment 3 JW 2009-02-23 22:00:46 UTC
This bug is NOT a duplicate of 447765.  That bug relates only to anonymous viewers of bug reports.  The problem is registered users whose computers are either virus-ridden or users whose intent is malicious.

There is no need to EVER show ANY user's email address.  All communication should be directed via bugzilla without ever revealing any email address.

Comment 4 Simon Green 2012-06-19 06:58:50 UTC
This will not change. When you signed up to Bugzilla there was a message: "PRIVACY NOTICE: Red Hat Bugzilla is an open bug tracking system. Activity on most bugs, including email addresses, will be visible to the public. We recommend using a secondary account or free web email service (such as Gmail, Yahoo, Hotmail, or similar) to avoid receiving spam at your primary email address."

  -- simon