Closed Bug 322442 Opened 19 years ago Closed 19 years ago

Collected addresses shouldn't default to the Personal address book.

Categories

(MailNews Core :: Address Book, defect)

1.8 Branch
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 267877

People

(Reporter: dveditz, Assigned: mscott)

Details

(Whiteboard: Thunderbird)

http://lxr.mozilla.org/mozilla/source/mailnews/mailnews.js#404 Thunderbird defaults to collecting outgoing addresses, but instead of putting them in the "Collected Addresses" book (history.mab) they default to the personal address book (abook.mab). This makes a mess of the personal address book, leaves the collected book empty and useless, and compounds the risks of bug 303754.
Flags: blocking1.8.1?
Flags: blocking1.8.0.1?
This should possibly be a WONTFIX - see commentary on bug 267877, especially comment 8. However I'm not going to wontfix it as I think your comments are reasonable but it's up to Scott.
I'm very surprised that we don't use the CAB any more. Surely there is a clear distinction between people I've chosen to add to my address book (and who therefore, presumably, I know well) and some guy who randomly emailed me a support question once and I told him to go look at the FAQ? The former should certainly be above the latter in the autocomplete list, for a start (and that's not necessarily true today). As Dan points out, the security implications are also important. I want to use my PAB as a junk whitelist, but I can't if it's stuffed so full of random people that it's impossible to maintain. Currently, there are thousands of addresses in there; I tried to triage them to clean up autocomplete but gave up - it was too big a task. Instead, I tried to move them out wholesale to another address book, but they still autocompleted! :-( Gerv
The CAB as such will not be created by default anymore (not even in SM), but you still can create a custom AB and dedicate it to collecting addresses, if you don't want to have them in the PAB. The security implications aren't part of a specific addressbook (eg the PAB) - turning any AB that is target of address collection (remember: you can still autocollect even incoming and news addresses!) into a whitelist should warn about the security implications, in both places!
(In reply to comment #3) > The CAB as such will not be created by default anymore (not even in SM), but > you still can create a custom AB and dedicate it to collecting addresses, if > you don't want to have them in the PAB. Only by hacking prefs.js to change the target of address collection. > The security implications aren't part of a specific addressbook (eg the PAB) - > turning any AB that is target of address collection (remember: you can still > autocollect even incoming and news addresses!) into a whitelist should warn > about the security implications, in both places! The security implications relate to the fact that, by default, we collect addresses in the PAB and the Junk filters whitelist the PAB when you check the box. IMO, our default settings should not be such that a big scary "Are you sure this is a good idea?" warning comes up when you check the "Whitelist people in my address book" box. If it's not a good idea, we shouldn't make it so easy to do. Gerv
> > The CAB as such will not be created by default anymore (not even in SM), but > > you still can create a custom AB and dedicate it to collecting addresses, if > > you don't want to have them in the PAB. > > Only by hacking prefs.js to change the target of address collection. Well, even the obfuscated TB prefs allow this in the UI (at least in 1.5 RC1): Options->Composition->Addressing, [x] Collect outgoing into [PAB]. > The security implications relate to the fact that, by default, we collect > addresses in the PAB and the Junk filters whitelist the PAB when you check the > box. IMO, our default settings should not be such that a big scary "Are you > sure this is a good idea?" warning comes up when you check the "Whitelist > people in my address book" box. If it's not a good idea, we shouldn't make it > so easy to do. So we probably should default the junk whitelist to a not-yet-existing special whitelist ab that will be created on checking that option. That would also heighten the awareness which addresses actually _are_ whitelisted...
> So we probably should default the junk whitelist to a not-yet-existing special > whitelist ab that will be created on checking that option. That would also > heighten the awareness which addresses actually _are_ whitelisted... That doesn't work, because if you click a name in a header and do "Add to Address Book", then it should add it to the whitelisted address book. (That's the point of using an address book as a whitelist - you get the convenience of not having to maintain a special whitelist). And if your new special whitelist address book is the default for that, then what's the difference between it and today's Personal Address Book? The PAB should be your personally selected addresses, the default for the junk whitelist, and the default for "Add To Address Book...". Collected Addresses should be all the other rubbish, used for auto-complete when there's no matches in the PAB. Gerv
> (That's the point of using an address book as a whitelist - you get the > convenience of not having to maintain a special whitelist). Well, I beg to differ. I personally don't "trust" everyone in my PAB - and why even should I? This discussion is running into a "my usecase is this:" corner, which doesn't really help. Collecting addresses is a useful feature, but not very far spread. We could turn the default for autocollection to off, though, so that your PAB will stay clean until you voluntarily turn it on - and then you can select a different AB, if you want to...
> I personally don't "trust" everyone in my PAB - and why even should I? The only level of trust required is that they not be someone who sends you spam - i.e. you want to see all messages which arrive from that person. If that is not the case, why did you add them into your address book in the first place? This is not "my use case vs. your use case", it's the primary function of a personal address book - to keep track of people with whom you correspond regularly. (If that's not what it's for, what is it for?) Putting collected addresses into it undermines that function. Gerv
> The only level of trust required is that they not be someone who sends you > spam - i.e. you want to see all messages which arrive from that person. There're dumb-headed users out there, especially in the corporate environment... > This is not "my use case vs. your use case", it's the primary function of a > personal address book - to keep track of people with whom you correspond > regularly. The problem here is the term "personal". It's not that personal, it's just no AB on a remote/public server - "Local Address Book" would have been a better name (IMO). > Putting collected addresses into it undermines that function. That's why I suggested defaulting autocollection to off. The most frequently question about the CAB was just "how do I delete that?"...
(In reply to comment #8) > ...it's the primary function of a > personal address book - to keep track of people with whom you correspond > regularly. (If that's not what it's for, what is it for?) Putting collected > addresses into it undermines that function. You do realise that by default we only collect outgoing addresses? There are hidden prefs (hidden in both SM & TB) for enabling collection of incoming and newsgroups ones, but they're off by default. Only collecting outgoing addresses will kind of imply its people you normally correspond with, unless you're going to respond to spam of course. > The most frequently question about the CAB was just "how do I delete that?"... Not sure this is relevant to this bug, but I'm currently working on bug 171125 (which probably needs to be moved to core address book) where the CAB won't be created by default, and existing CABs may be renamed or deleted.
This bug is clearly a dupe of bug 267877, I'm sorry I hadn't found that one. If we've combined the address books on purpose then I'll go back to bug 303754 and argue more strenuously that we should not at the same time default to showing images from these addresses. *** This bug has been marked as a duplicate of 267877 ***
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
Whiteboard: Thunderbird
Flags: blocking1.8.1?
Flags: blocking1.8.0.1?
Product: Core → MailNews Core
You need to log in before you can comment on or make changes to this bug.