0006309: RSS Author Email Tag always shows @example.com - MantisBT - Signup temporarily disabled due to spam

ID	Project	Category	View Status	Date Submitted	Last Update

0006309	mantisbt	rss	public	2005-09-30 20:41	2009-06-26 12:05

Reporter	sebflipper	Assigned To	giallu
Priority	normal	Severity	trivial	Reproducibility	always
Status	closed	Resolution	fixed
Product Version	1.0.0rc2

Summary	0006309: RSS Author Email Tag always shows @example.com
Description	The RSS for the news shows: <author>vboctor vboctor@example.com</author> When it should show the users email address or system email address
Tags	No tags attached.

vboctor 2006-04-23 08:44 manager ~0012690	The use of authorname@example.com is used to protect the Mantis users' email addresses from anonymous users. Please re-test with authenticated RSS feeds. The proper email address should be shows for users with global access level greater than or equal to $g_show_user_email_threshold. The authenticated RSS feeds are a feature of Mantis 1.1 and can now be retrieved from the latest CVS code.

hacker 2006-05-12 16:49 reporter ~0012825 Last edited: 2006-05-12 16:55	I think there is a better way of doing this which does not break the ability to contact the reporting user directly from the feed... I've used this successfully for YEARS (and I've reported this years back in Mantis, and had it patched in for at least that long): If you obfuscate the address so browsers (gui and text) understand it as a valid mailto tag, but parsing spiders cannot (no domain, no recognizable mailto tag, nothing they can split() on), you can protect the users from being spammed. ' I've set up a dummy page years back with some very specific email addresses that is set up as an invisible link on a few websites I host. Only spiders and scrapers that parse the pages for content would see it, users never do. In 5+ years, with hundreds of hits to that page every day, I haven't seen a SINGLE email come back addressed to any of the addresses listed in it, because they can't pull the address out of the content. It looks like this (hopefully Mantis won't eat it here): <a href="mailto:catchaspammer@gnu-designs.com">catchaspammer@gnu-designs.com</a> I've implemented this in Mantis on our end and it works great. UPDATE: Yep, Mantis here ate it.. thinking that the pound sign was the beginning of a bug link (which is why I use two of them here, to stop that from happening. Let me try escaping them here...Nope, your configuration here eats the entities.) In any case, replacing the colon, @ and dot in the TLD stops the automated parsers from pulling email addresses out. Can someone work around it? Sure, but in over 7 years of using this technique across 70 domains, I've never seen it. Ever. You can see what it is supposed to look like on this page of ours: http://www.gnu-designs.com/?a=contact

grangeway 2008-07-28 15:35 reporter ~0018830	Can't this just be a username? (author)

giallu 2008-12-19 03:44 reporter ~0020422	the example.com domain is reserved for documentantion purposes. Any other use (like the present one), should be really avoided. If we want to restrict who can see the address, then IMHO it's better (and easier) to just not show it in the feed. I have a local patch that addresses the problem, assigning the bug to myself.

RoboDoc 2009-01-03 08:08 reporter ~0020524	Since I want to know the username (but still be able to 'protect' the email-address) of the users, I changed the following: $t_author_email = $author . '@example.com'; ..to: $t_author_email = $author . '+noreply@mydomain.com'; ..and added a global "noreply"-tag in my SMTPd's, blackholing email sent to email-addresses with a noreply tag. :) I don't even consider this a 'dirty' workaround, as most users won't expect a reply from an email-address contaning words like 'noreply', etc. :)