Closed Bug 704992 Opened 13 years ago Closed 13 years ago

Refund request emails are coming from the user requesting

Categories

(addons.mozilla.org Graveyard :: Public Pages, defect, P1)

defect

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: clouserw, Assigned: ashort)

Details

(Whiteboard: [ddn])

Refund request emails' have their From set as the user requesting the refund (I think). The From should be something other than that, either amo-marketplace@mozilla.org or nobody@mozilla.org. Fligtar - which do you want?
While you are there, the emails are sent from settings.FLIGTAR. Let's change that to settings.MARKETPLACE_EMAIL.
Target Milestone: 6.3.4 → 6.3.3
We shouldn't reveal users' email addresses for refunds and I don't think emails should come from an address that isn't going to be monitored (and that will get thousands of email bounces when our emails fail). Why can't we use nobody@mozilla.org?
Just to check the support flow asks allows the person to contact the developer. In that case I think the email address (or at least reply to) has to be the users email address. http://people.mozilla.com/~fligtar/marketplace/Support%20Flow.png
(In reply to Andy McKay [:andym] from comment #3) > Just to check the support flow asks allows the person to contact the > developer. In that case I think the email address (or at least reply to) has > to be the users email address. > > http://people.mozilla.com/~fligtar/marketplace/Support%20Flow.png Yes, it's reasonable in the support case as a user requesting support expects to get a reply.
(In reply to Allen Short [:ashort] from comment #4) > fligtar, is this how we oughta handle the issue? > > https://github.com/washort/zamboni/commit/ > a7d536f6ff0fcc065d1acf58621f1121292619bc I don't know what that code does but it sounds like it still exposes the user's email for refunds. Would rather we not expose it at all for that.
The Reply-To header of the message is still the user's email. Should that be removed altogether?
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.