Bug 486766 - Bugzilla makes it too easy for spammers
Bugzilla makes it too easy for spammers
Status: CLOSED WONTFIX
Product: Bugzilla
Classification: Community
Component: Email Notifications (Show other bugs)
devel
All Linux
low Severity high (vote)
: ---
: ---
Assigned To: Simon Green
: Reopened
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-02-21 19:01 EST by JW
Modified: 2014-10-12 18:46 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-06-19 02:58:50 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description JW 2009-02-21 19:01:55 EST
Description of problem:
To harvest email addresses all a spammer need do is subscribe to various bug reports and just wait until Bugzilla send some email addresses.

Version-Release number of selected component (if applicable):
current

How reproducible:
Always

Steps to Reproduce:
1. add a comment or file a new big report
2. wait a few days
  
Actual results:
Spam, spam, and more spam.


Expected results:
No spam.

Additional info:
There should be a simple option to prevent one's actual email address from being visible to other registered bugzilla users.
Comment 1 JW 2009-02-21 19:02:48 EST
Pls change "big report" to "bug report".
Comment 2 David Lawrence 2009-02-23 14:03:53 EST
We do not currently show the email address now unless the user is logged into a valid bugzilla account.

*** This bug has been marked as a duplicate of bug 447765 ***
Comment 3 JW 2009-02-23 17:00:46 EST
This bug is NOT a duplicate of 447765.  That bug relates only to anonymous viewers of bug reports.  The problem is registered users whose computers are either virus-ridden or users whose intent is malicious.

There is no need to EVER show ANY user's email address.  All communication should be directed via bugzilla without ever revealing any email adress.
Comment 4 Simon Green 2012-06-19 02:58:50 EDT
This will not change. When you signed up to Bugzilla there was a message: "PRIVACY NOTICE: Red Hat Bugzilla is an open bug tracking system. Activity on most bugs, including email addresses, will be visible to the public. We recommend using a secondary account or free web email service (such as Gmail, Yahoo, Hotmail, or similar) to avoid receiving spam at your primary email address."

  -- simon

Note You need to log in before you can comment on or make changes to this bug.