~sircmpwn/sr.ht-discuss

2 2

plaintext email addresses exposed

Alexey Shpakovsky <alexey@shpakovsky.ru>
Details
Message ID
<194ba9e4f2e494b374bf88a93db52646.squirrel@squirrelmail.shpakovsky.ru>
DKIM signature
pass
Download raw message
First-time poster here.

First, thanks for a wonderful project! My favorite feature is that I can
contribute to projects (report bugs, submit patches) hosted here without
having an account - just by email!

However, I noticed that on some pages sourcehut exposes plaintext email
addresses.

This was briefly discussed three years ago:

https://lists.sr.ht/~sircmpwn/sr.ht-discuss/%3CnDziUTUUj2K6dN-hibYOnOZtV5OY-DdIfxm9SCY7N3qhIO1OH0f13QsHYu_xedqRg1dmdqFuRrzfuKUs_NnaZOawFyiz6PyoKHFvFVXQnfI%3D%40pm.me%3E

https://lists.sr.ht/~sircmpwn/sr.ht-discuss/%3CBUNNAS4T0V64.16DDFWUTXGJTE%40homura%3E#%3C9t7YQ6YUdXGOmuU5O5l3d0g-E9fUDhzkQvUqQ7oWcAYTGXgFqR9fEXpsBTLtzFlCulCsYXfvu7bFaJ9KfFo0UpyP2FOok3TO3Vwi3WYImVg=@pm.me%3E

(links are likely broken, emails can be found by searching for word
"obfuscation" in archives). Back then Drew DeVault answered that email
address is visible in HTML pages only for logged in users. However, this
seems to be not a case anymore: anonymous users (like me) can see email
addresses in mailing list archives, and email addresses of unregistered
users who created or commented on tickets (todo.sr.ht). Oh, and "Download
raw message" in mailing lists also contains full email addresses.

Is it an bug or a deliberate decision? Did something change since then?
Maybe you have some hidden antispam measures, or know that spamers stopped
harvesting targets from websites at all, or do they just ignore sourcehut?
My daily volume of spam didn't change much since I first posted here (if
anything, it _decreased_!), so that's not an irony or sarcasm. Also, you
have more experience of using sourcehut, so likely already know if it
affects volume of incoming spam!

Thanks.
Details
Message ID
<COFS4A9HEH4I.2CH1HDAARHAZD@taiga>
In-Reply-To
<194ba9e4f2e494b374bf88a93db52646.squirrel@squirrelmail.shpakovsky.ru> (view parent)
DKIM signature
pass
Download raw message
Spammers have stopped harvesting targets from websites at all. I have
had a honeypot on my blog for over a year now which has received zero
emails. Sharing your email address on SourceHut is an important part of
collaboration here; we are an email-oriented platform. It's not
considered private.
Details
Message ID
<87edtzgxx3.fsf@city17.xyz>
In-Reply-To
<COFS4A9HEH4I.2CH1HDAARHAZD@taiga> (view parent)
DKIM signature
pass
Download raw message
> Spammers have stopped harvesting targets from websites at all. I have
> had a honeypot on my blog for over a year now which has received zero
> emails.

My experience differs slightly, I have received 2 spam emails on my
"srht@" - as if they were testing the waters - in the last 2 months. I
expect to keep on receiving spam intermittently on this account but not
enough to bother me.
Reply to thread Export thread (mbox)