Page MenuHomePhabricator

End e-mail harassment
Closed, DuplicatePublicFeature

Description

Feature summary (what you would like to be able to do and where):
On Wikipedia, Wikiquote, and other Wikimedia wikis, LTAs and vandals often abuse the e-mail user feature, while this is a problem, it is not in itself a security issue. The security issue happens if the victim replies. While there are warnings against this, some users may not see them, or the e-mail might seem legitimate.

There are two main issues:

  1. E-mail shutdowns: A malicious user can fake e-mails from the victim, then report the victim to their e-mail provider, resulting in their e-mail being terminated.
  2. Spam/harassment: After getting the real e-mail of the victim, the attacker can send them malicious e-mails manually or sign their e-mail up for spam lists.

Here's how this could be solved:
Rather then having e-mails sent and received from real addresses, a proxy would used instead. Example: if a malicious user with the email address lta@vandalism.com sent an e-mail to a legitimate user with the email address wikicontributor@email.site, it would go like this:

  1. The e-mail would be sent from lta@vandalism.com to a temporary proxy (something like 0678378e6c879b99@securemail.wikimedia.org), then it would be confirmed and a header giving the name of the sender would be added
  2. The e-mail would be sent from the sending proxy to the receiving one (e.g. 0678378e6c879b99@securemail.wikimedia.org to 6d38c9e82c3f5edf@securemail.wikimedia.org)
  3. The e-mail would be sent from the receiving proxy to the end-user (i.e. 6d38c9e82c3f5edf@securemail.wikimedia.org to wikicontributor@email.site)

Replying would be done entirely using these proxies with no risk of their real e-mails being exposed. If a proxy e-mail gets spammed, it can be reset or disabled. If a users replies to a proxy that has been de-activated, they would be sent an automatic message saying that it would need to be sent using the e-mail user feature again. Checkusers could still see the real e-mails if needed.

Use case(s) (list the steps that you performed to discover that problem, and describe the actual underlying problem which you want to solve. Do not describe only a solution): See above.

Benefits (why should this be implemented?): See above.

Event Timeline

@Ilovemydoodle Please don't be disruptive to other users by randomly subscribing users by mentioning them.

@Ilovemydoodle Please don't be disruptive to other users by randomly subscribing users by mentioning them.

Sorry. Also, I did not know that pinging a user auto-subscribes them.

As others have pointed out, there are significant differences between my proposal and the it was merged with. So I am re-opening this.

Aklapper closed this task as Declined.EditedAug 21 2022, 9:40 AM

If you prefer declined, then this solution will not be implemented.

We prefer to discuss problem definitions first, then potential solutions. Some solutions are more feasible than others.