Default subject exposes email address of sender

scombs · September 27, 2016, 2:06am

If a user posts a new topic via email but forgets to include a subject, the default subject posted on the site and in email notifications is Incoming email from %{email} This exposes a user’s email to everyone.

Proposed solutions

Changing the default text for the subject to This topic needs a subject or
Reject email with an error message to user

Work around

Modify the text Admin > Customize > Text Content for “emails.incoming.default_subject” from Incoming email from %{email} to This topic needs a subject

I honestly thought we had a user who just liked announcing his email address to everyone, until I accidentally posted via email with no subject line

codinghorror · September 27, 2016, 5:24am

We should fix this @tgxworld perhaps just edit the default string.

codinghorror · January 19, 2017, 8:56pm

Ok changed to

default_subject: "This topic needs a title"

great suggestion, thanks!

Topic		Replies	Views
Bug: changing the email subject for some templates is ignored Bug	9	1434	January 30, 2020
Changing email subject line should start a new topic Feature	13	2428	December 28, 2020
Inviting user to a topic/message sends out incorrect email Bug	5	1391	April 7, 2015
Email notification defaults Support email	3	369	April 11, 2023
Can I change What Emails Are Sent To Users? Support	3	523	August 27, 2020

Default subject exposes email address of sender

Proposed solutions

Work around

Related Topics