Page MenuHomePhabricator

Allow users to restrict which user groups that can send them direct emails via Special:EmailUser
Closed, ResolvedPublic3 Estimated Story Points



As a target of harassment, I want to restrict which user groups can send me email (e.g. choose between all users, require autoconfirmed access or admins). If sending email is disallowed this way, the "email this user" link should not be displayed and visiting Special:EmailUser/Foobar should display the "This user has chosen not to receive email from other users." message.

On-wiki specification

Meta — Community health initiative/Allow users to restrict which user groups can send them emails


Acceptance criteria

  • In the 'Email options' of the 'User profile' tab of Special:Preferences, add a new tickbox preference
    • Label: Allow emails from brand-new users (learn more)
    • 'learn more' should link to a help/project page (TBD)
  • If the user has this preference enabled (ticked) the Special:EmailUser feature should work exactly as it does today.
  • If the user has this preference disabled (unticked):
    • Users in the autoconfirmed group should be able to use the Special:EmailUser feature as it exactly does today.
    • Users not in the autoconfirmed group:
      • should not see the "Email this user" link in the left rail on userspace pages
      • should see the standard error message of "This user has chosen not to receive email from other users" as if the other user had the entire preference disabled when they directly navigate to Special:EmailUser/Foobar
  • The default for new accounts created when their email address is confirmed should be ticked (on)

Related Objects

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes

Here is a screenshot of the current email preferences:

I propose we replace the top tickbox with a dropdown with the following options:

Enable emails from:

  • All users
  • Autoconfirmed users
  • Admins and functionaries
  • Nobody

I don't think you should hardcode the list, but do something like that:

DefaultSettings.php :

$wgEmailAccessLevels = [
  [ 'user' ],
  [ 'autoconfirmed' ],
  [ 'sysop', 'bureaucrat' ]

WMF standard settings:

$wgEmailAccessLevels = [
  [ 'user' ],
  [ 'autoconfirmed', 'confirmed' ],
  [ 'sysop', 'bureaucrat', 'checkuser', 'oversight' ]

This would allow wikis to react to their user hierarchy, for example:

$wgEmailAccessLevels = [
  [ 'user' ],
  [ 'autoconfirmed', 'confirmed' ],
  [ 'templateeditor', 'review', 'rollback' ],
  [ 'sysop', 'bureaucrat', 'checkuser', 'oversight' ]

Or anything like that. I'm not quite happy with this design yet, but it gives a rough idea what I intend to do. Maybe it's better to use keys and to define the order of the keys elsewhere.
Besides, how would you define functionaries in code?

I agree the list shouldn't be hard coded.

TBolliger renamed this task from Allow users to restrict which user groups that can send them emails to Allow users to restrict which user groups that can send them direct emails via Special:EmailUser.Sep 19 2017, 9:27 PM
TBolliger updated the task description. (Show Details)

Another potential solution to this problem will be to simply have a tickbox (default TBD) to dis/allow email from non-autoconfirmed users.

On the one hand, it's a simple approach conceptwise and codewise, on the other hand, it reduces the feature flexibility. To get autoconfirmed isn't that difficult, and many wikis have groups kind of representing trusted users.

One alternative possibility to let this work like page protection (with just one action and without expire time): You define multiple levels and link them with user rights. (The simplest variant would be to hard code two levels direclty, this would simplify the approach, but I really think it isn't needed.) That way, you could configure the feature freely for a given wiki, combine it with global groups etc. and wouldn't have any complicated UI issues. Personally I think at the moment this would be a very good approach to handle this.

Per feedback on wiki and discussions with the rest of the Anti-Harassment Tools team, we decided to change the default for new accounts to be to accept email from non-autoconfirmed email. (So, no change in the current experience/functionality.) If we need to adjust this in the future, we will re-approach the topic.

We haven't received enough feedback on the ticbox-vs.-dropdown discussion, so we will size both in estimation tomorrow and build whatever is simplest. (This most likely will mean the tickbox.)

TBolliger set the point value for this task to 3.

How would the autoconfirmed restriction be managed internally? In my opinion, it should be a new user right (sendemail-restricted maybe).

@TBolliger Will this feature be on/off per wiki or should there be no config (and it will roll out on the next train)?

If this is a low-risk change, it should be in the next train to all Wikimedia wikis. If you feel this would benefit from a round of production QA, please release it only to meta.wikimedia and test.wikipedia.

Change 391342 had a related patch set uploaded (by Dbarratt; owner: Dbarratt):
[mediawiki/core@master] Allow users to prevent new users from sending them email.

@dmaza Everything I have so far is on I basically added an empty JS file.

Also see the email I forwarded you. :)

@dmaza: Tested out the patch, but strangely the pref disabling behavior isn't working for me locally:

Change 391342 merged by jenkins-bot:
[mediawiki/core@master] Allow users to prevent new users from sending them email.