Version: (using KDE KDE 3.1) Installed from: RedHat RPMs0 bugs.kde.org writes email addresses in plain text; mailto:email@address.com This makes it far too easy for spammers to crawl your site and harvest them. Problem is that I only realised this AFTER I put in my email address and commented on a bug, so now my email address will be added to their lists. I want to be able to change my email address to validUser@REMOVE_THISvalidDomain.com as this stops address harvesting, but your system requires me to confirm that it is a valid email address. The whole point is that I want to enter an INVALID email address. Either that or even better, please try and encode the email address in a way that spammers cannot understand. using JavaScript is a good start (some people use HTML entities, but spammers can decode these easily). For an example, see my email address on this page. Fortunately, I have created an email address specially for your site, so I will just have to block all emails to that address.
log out of the system and notice the difference
Aah, sorry. I had tried that, but Opera had cached the page, even when I hit reload. 'Resolution: INVALID' is quite right.
Hello, How do you prevent spamers from loging in and thus get email adresses ?
I am reopening this bug as spammers are becoming more creative and simply logging in to scrap email addresses is trivial. I am receiving much spam to the address which I use exclusively on BKO. I propose that until a user reaches a special threshold (has a bug verified, commits a patch, or some other trivial check) then he does not see other user's email addresses.
(In reply to comment #4) > I am reopening this bug as spammers are becoming more creative and simply > logging in to scrap email addresses is trivial. I am receiving much spam to the > address which I use exclusively on BKO. Bugzilla's email changes are addressed to a public mailing list (kde-bugs-dist). > I propose that until a user reaches a special threshold (has a bug verified, > commits a patch, or some other trivial check) then he does not see other user's > email addresses. That is too unfair for simple reporters. People complain that "it is too hard to report bugs in KDE", putting more thresholds will not help. Resolution stays INVALID, as bugzilla itself *do* have spam protections.
> That is too unfair for simple reporters. People complain that "it > is too hard to report bugs in KDE", putting more thresholds will > not help. This does not make it any harder to report bugs. In fact, I am only a reporter (I do not know to program). That is why I suggested that even having a bug confirmed would be enough to allow access to the email addresses. This would not add a threshold to the reporting of bugs in BKO. Only to the access of the email addresses of other users.
I completely agree with the initial poster. I'm only a simple reporter, too (in fact I only posted one bug so far), and I fear my address gets crawled as I get spam to almost all addresses I posted publicly on the net so far. If there are measures to prevent address crawling I didn't notice any and would like to know more about them. I actually was reluctant to even register because I saw no measures in that regard.
See related bug 197592: Captcha or other verification to receive email addresses