Page MenuHomePhabricator
Create Task
Maniphest T315694

End e-mail harassment
Closed, DuplicatePublicFeature
Actions

Description

Feature summary (what you would like to be able to do and where):
On Wikipedia, Wikiquote, and other Wikimedia wikis, LTAs and vandals often abuse the e-mail user feature, while this is a problem, it is not in itself a security issue. The security issue happens if the victim replies. While there are warnings against this, some users may not see them, or the e-mail might seem legitimate.

There are two main issues:

  1. E-mail shutdowns: A malicious user can fake e-mails from the victim, then report the victim to their e-mail provider, resulting in their e-mail being terminated.
  2. Spam/harassment: After getting the real e-mail of the victim, the attacker can send them malicious e-mails manually or sign their e-mail up for spam lists.

Here's how this could be solved:
Rather then having e-mails sent and received from real addresses, a proxy would used instead. Example: if a malicious user with the email address lta@vandalism.com sent an e-mail to a legitimate user with the email address wikicontributor@email.site, it would go like this:

  1. The e-mail would be sent from lta@vandalism.com to a temporary proxy (something like 0678378e6c879b99@securemail.wikimedia.org), then it would be confirmed and a header giving the name of the sender would be added
  2. The e-mail would be sent from the sending proxy to the receiving one (e.g. 0678378e6c879b99@securemail.wikimedia.org to 6d38c9e82c3f5edf@securemail.wikimedia.org)
  3. The e-mail would be sent from the receiving proxy to the end-user (i.e. 6d38c9e82c3f5edf@securemail.wikimedia.org to wikicontributor@email.site)

Replying would be done entirely using these proxies with no risk of their real e-mails being exposed. If a proxy e-mail gets spammed, it can be reset or disabled. If a users replies to a proxy that has been de-activated, they would be sent an automatic message saying that it would need to be sent using the e-mail user feature again. Checkusers could still see the real e-mails if needed.

Use case(s) (list the steps that you performed to discover that problem, and describe the actual underlying problem which you want to solve. Do not describe only a solution): See above.

Benefits (why should this be implemented?): See above.

Related Objects

Event Timeline

Ilovemydoodle created this task.Aug 19 2022, 7:41 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 19 2022, 7:41 PM
Operator873 subscribed.Aug 19 2022, 10:36 PM
Ilovemydoodle added subscribers: Pppery, Sophivorus.Aug 20 2022, 3:29 AM
This comment was removed by Ilovemydoodle.
Peachey88 subscribed.Aug 20 2022, 4:00 AM

@Ilovemydoodle Please don't be disruptive to other users by randomly subscribing users by mentioning them.

Ilovemydoodle removed subscribers: Sophivorus, Pppery.Aug 20 2022, 4:15 AM
In T315694#8170539, @Peachey88 wrote:

@Ilovemydoodle Please don't be disruptive to other users by randomly subscribing users by mentioning them.

Sorry. Also, I did not know that pinging a user auto-subscribes them.

Aklapper closed this task as a duplicate of T150421: Provide a sender email address alias for use in Special:Emailuser (aka 2-way email relay).Aug 20 2022, 3:00 PM
Ilovemydoodle reopened this task as Open.Aug 21 2022, 12:58 AM

As others have pointed out, there are significant differences between my proposal and the it was merged with. So I am re-opening this.

Ilovemydoodle awarded a token.Aug 21 2022, 1:02 AM
Ilovemydoodle mentioned this in T150421: Provide a sender email address alias for use in Special:Emailuser (aka 2-way email relay).
Aklapper closed this task as Declined.EditedAug 21 2022, 9:40 AM

If you prefer declined, then this solution will not be implemented.

We prefer to discuss problem definitions first, then potential solutions. Some solutions are more feasible than others.

Ilovemydoodle closed this task as a duplicate of T150421: Provide a sender email address alias for use in Special:Emailuser (aka 2-way email relay).Aug 21 2022, 12:36 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits