The user list hides emails (except for self, obscured), has a button to show them, and pressing that logs a “viewed email” event for each user on the page (I think - I didn’t actually try this on my instance).
However the Emails/All tab shows them all straight up in clear text (obscured in the screenshot), even for emails that weren’t sent.
It seems these two pages ought to use similar enforcement mechanisms or the security is for nought?
Hmm maybe moderators should not have access to this tab @eviltrout?
Or require a click to view, just like all the other pages.
Are we talking about the email tab in admin view? If so, I think I agree, I can’t think of a single time I visited that page out of necessity (in fact, I just visited it today for the first time based on what I can recall… I’ve yet to find a reason to visit that page out of today’s curiosity)
Relatedly, this part of the “admin” page for a specific user:
I think it would fit better with the rest if Email and Logins were visible to moderators here.
That I disagree with entirely! We use that a LOT to find connections between spammers and advertisers who are abusing our forum.
Sorry, what do you disagree with? Currently those two buttons don’t exist for moderators. I’m suggesting that maybe they should, since moderators can see emails in other places anyway.
Yes, as a moderator, we have used access to the email of a user in the Admin area, their Profile page, etc as a way to identify members as spammers, advertisers, etc.
We use it a lot, as it is one of the important keys, along with username patterns that we can use to immediately identify a user as part of a larger group who does nothing more than post frivolous crap. You’d be amazed at how terrible human spammers/advertisers are at trying to conceal themselves.
But they do exist for Moderators…
They don’t on my install. As admin, yes. As moderator, no. 
Hmm… that’s odd. brb, going to setup my local environment to run a few tests.
As TL3 + moderator I should say. Perhaps something is different as TL4, that I haven’t tested.
No, that doesn’t seem to make a difference.
Ah, you need to enable show email on profile (for staff only)
If that is not enabled, you can’t see it on the Admin or User Profile page as a Moderator, once it is enabled, you can.
Phew, for a second I thought maybe this regressed 
(and I’m sorry about mis-understanding your prior reply)
Ehm, okay, that sort of makes sense. It makes the other places that still show emails make even less sense though
Right, so with that on (it was off by default), moderators do get the same set of “show” buttons on the profile. But perhaps that setting should then affect the user list page as well (if we don’t want moderators to be able to see emails, the button shouldn’t be there either right?) and indeed the email log page…
Sounds logical. 
I think it makes a lot of sense to not expose that section to moderators. Here’s a patch with it:
https://github.com/discourse/discourse/commit/3aaa9a87223243f28b59007feaf19cdaeb7b5373
