Protecting members from accidentally sharing their email address in a PM

A member replied to a PM that I sent them and clearly replied directly from their email provider.

Below their response was “…” which opened a full view of the email thread.


This, of course, included:

From: my community’s email address
Date: Friday, March 4, 2022
To: their email address :astonished: :warning:
Subject: something or other

email body message

Is there a way to prevent this from happening?

Do you have reply-by-mail configured?

Is your notification_email the same as the address that posts to the entire community?

This is a longstanding issue and there’s not much that can be done about it… the only way to not share your email address when sending a PM by email is to remove it before sending your reply. Different email clients handle this in different ways. In Gmail the email address of the person replying is not included here, but in other clients it may well be.

There are these admin settings you can try:

[Image: Screen Shot 2022-05-16 at 10.33.42 AM]

I guess one thing we could do is obfuscate any emails shared via PM… but that would potentially cause problems in those cases when you are trying to talk to someone about email addresses!

8 Likes

So I was investigating an issue where reply-by-mail PMs were leaking email addresses and disabling “always show trimmed content” did not work.

The three dots that show the rest of the email when clicked are shown when:

  • it’s a PM, or
  • when “always show trimmed content” is set (which apparently means “show trimmed content in non-PM posts as well”)

code:

```ruby
# only add elided part in messages
if options[:elided].present? && (SiteSetting.always_show_trimmed_content || is_private_message)
  options[:raw] << Email::Receiver.elided_html(options[:elided])
  options[:elided] = ""
end
```

My question is:

  • what is the reasoning behind this being “always on” for PMs? @zogstrip do you know?
  • and would it be a possibility to change this so admins would have the option to never show the trimmed content (and deny access to the “raw” email by clicking the envelope)? It’s pretty easy from a technical point of view so I’m not sure why this is not the case already.
1 Like

I guess I wanted to keep the old behaviour but not sure it makes sense anymore with this setting. It’s a balance: on one hand you can leak email addresses, on the other hand the trimmer can sometimes remove important content.

I think that’s fine, but the trimmer isn’t 100% safe when it comes to “not leaking email addresses”.

2 Likes

Is this something you would accept a PR for?

Definitely :+1:

Thanks @RGJ

1 Like

What would the desired functionality be like?

  • Easy: Just remove the private message check so when the always show trimmed content is false, it never shows the trimmed content
  • Hard: Migrate to a new site setting show trimmed content with always, never and private messages as options

I like that option better :+1:

2 Likes

Yes, me too. Next and hopefully last question: should we migrate a false value for always show trimmed content to private messages or to never? My idea would be to stay on the safe side and migrate it to never.

2 Likes
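
The three-option setting proposed in the thread, modelled as an added sketch (not Discourse code and not written by any poster). The setting values, helper names, sample addresses and the simplified `elided_html` stand-in are assumptions made for illustration.

```ruby
# Added example. Models the proposed "show trimmed content" setting with
# the options named in the thread: always, never, private messages.
SHOW_TRIMMED_VALUES = %w[always never private_messages].freeze

# Old boolean -> new value. The old code appended the elided part when
# `always_show_trimmed_content || is_private_message`, so an old `false`
# behaved like "private_messages"; the thread suggests "never" as the safe choice.
def migrate_always_show_trimmed_content(old_value, safe: true)
  return "always" if old_value
  safe ? "never" : "private_messages"
end

# Should the trimmed part of an incoming email be appended to the post?
def append_elided?(setting, is_private_message)
  raise ArgumentError, "unknown value: #{setting}" unless SHOW_TRIMMED_VALUES.include?(setting)
  case setting
  when "always" then true
  when "private_messages" then is_private_message
  else false
  end
end

# Simplified stand-in for Email::Receiver.elided_html (assumption: real markup differs).
def elided_html(elided)
  "\n\n<details class='elided'>\n#{elided}\n</details>"
end

# Same shape as the snippet quoted in the thread, using the new predicate.
def build_raw(options, setting, is_private_message)
  raw = options[:raw].dup
  elided = options[:elided].to_s
  raw << elided_html(elided) if !elided.empty? && append_elided?(setting, is_private_message)
  raw
end

# Constructed sample: a reply body plus the quoted header block left by a mail client.
SAMPLE = {
  raw: "Thanks, that works for me.",
  elided: "From: community@forum.example\nTo: member@mail.example\nSubject: something",
}.freeze

# True when the member's address (constructed) ends up in the stored post text.
def leaks_address?(raw)
  raw.include?("member@mail.example")
end
```

With the safe migration, a site that had the old setting off stops appending quoted headers to PMs, which is a behaviour change from the old code path.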