Closed
Bug 704992
Opened 13 years ago
Closed 13 years ago
Refund request emails are coming from the user requesting
Categories
(addons.mozilla.org Graveyard :: Public Pages, defect, P1)
addons.mozilla.org Graveyard
Public Pages
Tracking
(Not tracked)
RESOLVED
FIXED
6.3.3
People
(Reporter: clouserw, Assigned: ashort)
Details
(Whiteboard: [ddn])
Refund request emails' have their From set as the user requesting the refund (I think). The From should be something other than that, either amo-marketplace@mozilla.org or nobody@mozilla.org. Fligtar - which do you want?
Comment 1•13 years ago
|
||
While you are there, the emails are sent from settings.FLIGTAR. Let's change that to settings.MARKETPLACE_EMAIL.
Reporter | ||
Updated•13 years ago
|
Target Milestone: 6.3.4 → 6.3.3
Comment 2•13 years ago
|
||
We shouldn't reveal users' email addresses for refunds and I don't think emails should come from an address that isn't going to be monitored (and that will get thousands of email bounces when our emails fail).
Why can't we use nobody@mozilla.org?
Comment 3•13 years ago
|
||
Just to check the support flow asks allows the person to contact the developer. In that case I think the email address (or at least reply to) has to be the users email address.
http://people.mozilla.com/~fligtar/marketplace/Support%20Flow.png
Assignee | ||
Comment 4•13 years ago
|
||
fligtar, is this how we oughta handle the issue?
https://github.com/washort/zamboni/commit/a7d536f6ff0fcc065d1acf58621f1121292619bc
Comment 5•13 years ago
|
||
(In reply to Andy McKay [:andym] from comment #3)
> Just to check the support flow asks allows the person to contact the
> developer. In that case I think the email address (or at least reply to) has
> to be the users email address.
>
> http://people.mozilla.com/~fligtar/marketplace/Support%20Flow.png
Yes, it's reasonable in the support case as a user requesting support expects to get a reply.
Comment 6•13 years ago
|
||
(In reply to Allen Short [:ashort] from comment #4)
> fligtar, is this how we oughta handle the issue?
>
> https://github.com/washort/zamboni/commit/
> a7d536f6ff0fcc065d1acf58621f1121292619bc
I don't know what that code does but it sounds like it still exposes the user's email for refunds. Would rather we not expose it at all for that.
Comment 7•13 years ago
|
||
The Reply-To header of the message is still the user's email. Should that be removed altogether?
Assignee | ||
Comment 8•13 years ago
|
||
reply-to removed.
https://github.com/mozilla/zamboni/commit/58b343baa618159dd7fbfdb4545a0ec119011d40
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Updated•9 years ago
|
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•