Page MenuHomePhabricator
Create Task
Maniphest T17750

email-blocked users can register false email addresses
Closed, DeclinedPublic
Actions

Description

Users whose email has been blocked can still attempt to change their preferences and change their email addresses; this has been used to harass the blocking admin. (I've received several dozen "Wikipedia e-mail address confirmation" mails; it's just an annoyance, but still, email-blocked users shouldn't be able to futz with their email addresses anyway.)

Version: unspecified
Severity: minor

Details

Reference
bz15750

Event Timeline

bzimport raised the priority of this task from to Lowest.Nov 21 2014, 10:17 PM
bzimport added a project: MediaWiki-User-management.
bzimport set Reference to bz15750.
bzimport added a subscriber: Unknown Object (MLST).
Jpgordon created this task.Sep 28 2008, 1:27 AM
bzimport added a comment.Sep 28 2008, 1:34 AM

ayg wrote:

An e-mail-blocked user can still receive e-mail notifications of various events, and can still receive e-mail, so they should be able to change their e-mail address. If someone already knows your e-mail address, can't they just harass you by sending you e-mails manually, just as easily as by changing their address to yours in the software?

werdna added a comment.Sep 28 2008, 2:40 AM

We could still probably solve that problem by rate-limiting confirmation mails per-email-address.

Jpgordon added a comment.Sep 28 2008, 5:13 AM

Good point. My particular harasser specializes in totally petty minor league crap like this.

aaron added a comment.Jan 3 2009, 5:01 PM

Closed per #1

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL