Page MenuHomePhabricator
Create Task
Maniphest T137233

Investigate forms in emails prefilling payments wiki fields
Closed, InvalidPublic
Actions

Description

I've mentioned RebelMail a few times -- they're a company which specializes in interactive email. One of the features they could offer us is an interactive donation form embedded in the email. Here's a mockup of a form in-email (note this link contains graphic language...):

https://projects.invisionapp.com/share/H542AKEQM#/screens/67243396

I want to test out one of these forms in a US email in September or October. If we wanted to incorporate any part of the payments.wiki form, it would just be the name and email fields. Do you think that's technically possible, and if it is in keeping with security protocols? At the least, RebelMail can just replicate the form on donate.wiki, but it would be a much more interesting test to add more fields.

This will be done through HTML and CSS rather than loading an iframe. RebelMail does track its own analytics for the in-email engagement, but they'll use a numeric unique identifier rather than any PII.

Does that sound fine to you? Can someone poke into this before September so I know how to move forward?

Event Timeline

CCogdill_WMF created this task.Jun 7 2016, 5:39 PM
Restricted Application added subscribers: Zppix, Aklapper. · View Herald TranscriptJun 7 2016, 5:39 PM
Ejegg subscribed.Jun 7 2016, 8:40 PM

It's possible right now to send in fname=Blah&lname=Blah&email=foo@bar.com parameters on the query string and have them pre-filled in our payments form. Not sure about the privacy and security implications, but name and email are technically possible.

CCogdill_WMF added a subscriber: DStrine.Jun 7 2016, 8:43 PM

Oh that's awesome, I didn't know! Thanks, Elliott :)

@DStrine, is this something tech should look at more from a security
perspective, or should I just go to legal at this point?

cwdent subscribed.Jun 7 2016, 8:48 PM

One thought I have is that the email address parameter will probably make modsecurity shout.

DStrine moved this task from Triage to Blocked or not fr-tech on the Fundraising-Backlog board.Jul 19 2016, 8:38 PM
awight added subscribers: dpatrick, awight.Jul 19 2016, 8:39 PM

@dpatrick
Would you mind taking a look at our crazy plan here? We're considering including the donor's name and email as URL params in links embedded in the email. Bad idea?

DStrine added a comment.Jul 28 2016, 10:07 PM

bumping this

@dpatrick do you have any opinions on this? I could set up a meeting if you would like to discuss further.

mmodell removed a subscriber: awight.Jun 22 2017, 9:38 PM
AKanji-WMF changed the task status from Open to Stalled.Jun 20 2023, 9:23 PM
AKanji-WMF subscribed.

I am closing - I don't believe this aligns with our current approach/plans.

AKanji-WMF closed this task as Invalid.Jun 20 2023, 9:24 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL