BugZilla displays proper e-mails encouraging spammers




17 years ago
6 years ago


(Reporter: Christopher Stone, Assigned: justdave)






17 years ago
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.2+) Gecko/20010723
BuildID:    2001072408

I have owned my e-mail account for four months now without a single spam ever
arriving in my e-mail.  Then I used my e-mail address for bugzilla and today I
see a spam email from a MSN.com user!  The e-mail addresses in bugzilla should
be displayed as tkchris at nvbell dot net or something of this effect in order
to discourage spamming.  There is no need for properly formated email address to
be displayed on bugzilla.

Reproducible: Always
Steps to Reproduce:
1. Be a nice guy who reports bugs on BugZilla
2. Wait a week
3. Watch your e-mail address fill up with spam from MSN.com

Actual Results:  bug reports are displayed in bugzilla with correctly formatted
e-mail address like tkchris@nvbell.net

Expected Results:  Would like to see e-mail address encoded in some form which
is still readable by humans, but unreadable by machines in order to discourage
spamming.  For example "tkchris at nvbell dot net".

Spamming is a bad thing, esp. when it comes from MSN.com >:(


17 years ago
Component: Security: General → Bugzilla
Product: Browser → Webtools
Target Milestone: --- → Bugzilla 2.14
Version: other → Bugzilla 2.13
Effective anti-spam measures are good, but the solution you propose wouldn't be
very effective. I wouldn't call "tkchris at nvbell dot net" unreadable by
machines when a single line of perl could transform it into an email address.
That method would be so easy to work around that I'm not sure it's worth doing.
Since Bugzilla itself generates so much 'spam' in the form of bugmail, many
people use a separate email account (maybe a free account) for interacting with

Reassigning to the Bugzilla module owner for further comment.
Assignee: mstoltz → justdave
Ever confirmed: true
QA Contact: ckritzer → matty
It doesn't take much looking around on Bugzilla to realize that users' email 
addresses are posted in public.  As stated above, most people who are concerned 
about this set up a throw-away account to use with it.  I didn't, and my spam 
hasn't gotten any worse as a result of it.  On the other hand, due to my job, my 
address is pretty well advertised anyway.  My solution is good email filters.  
Only other thing to do right now is to hound your congresscritter for better 
penalties against the spammers.

*** This bug has been marked as a duplicate of 54159 ***
Last Resolved: 17 years ago
Resolution: --- → DUPLICATE
Target Milestone: Bugzilla 2.14 → ---

Comment 3

17 years ago
Well I respectfully disagree.  I think any measure to decrease the rate of
spammage is a step in the right direction.  You are correct when you say
"tkchris at nvbell dot net" easy easy to translate, however, most of the
software which gathers email addresses is written by one person and used by
many.  And it is typically the many which do not have the knownledge to know how
to enhance the software for certain web sites.  Someone would have to write an
email parser specifically for bugzilla systems in order to obtain emails from
them.  I agree that it does not totally block all spammers but it will prevent
the majority of them.

Comment 4

17 years ago
One additional comment for Mitchell (sorry for the spam).  If it is only one
line of perl code to translate the email address from one form to another, then
is it not worth the time to write one line of code that could potentially
decrease the amount of spam for thousands of users?  That is all.  Thank you for
your time, and thank you for BugZilla and Mozilla, and all the wonderfull
projects associated with it.

moving to Bugzilla product
reassign to default owner/qa for INVALID/WONTFIX/WORKSFORME/DUPLICATE
Component: Bugzilla → Bugzilla-General
Product: Webtools → Bugzilla
Version: Bugzilla 2.13 → unspecified
moving to Bugzilla product
reassign to default owner/qa for INVALID/WONTFIX/WORKSFORME/DUPLICATE
QA Contact: matty_is_a_geek → default-qa
You need to log in before you can comment on or make changes to this bug.