I wonder if Drupal has any code of conduct on sending out spam mails?
I think it is very bad judgement that this module's owners are sending out mails to all Drupal sites about the use of this module.
I have now spent a lot of time responding to those clients that received the spam mail.

What a waste of time and I don't think it is ok to misuse the Drupal community this way.
If all modules started doing this we would all be very busy deleting mails with more than 26000 modules available.

Please stop!

Comments

Goekmen’s picture

+1

Yes, very unprofessional behaviour.

Sam Hermans’s picture

Status: Active » Closed (won't fix)

We apologise for any spam you might have received, we are certainly not fans of receiving or sending unsolicited mail and we are investigating what went wrong.

I'm closing this ticket as it's unrelated to Drupal development.

Regards,
Sam

Alan D.’s picture

Title: Owner sending out spam mails » Project owner(s) sending out spam mails
Project: System Status » Drupal.org site moderators
Version: 7.x-2.6 »
Component: Documentation » Spam
Category: Support request » Task
Status: Closed (won't fix) » Active

code of conduct

It does and users should be blocked if it keeps happening... not sure on projects. Since this is still happening, moving to the WebMasters queue for their take on it.

Copy of the email (dated 25 April)

Hello,

My name is Dennis and I’m promoting a new Drupal project.

I noticed your websites are made in Drupal, so I suppose you know all about the hassle of keeping Drupal websites up to date.

To solve this problem my friend Sam developed a Drupal module that totally changed the way we manage them.

Since there are so many Drupal configurations out there, we are looking for as many testers as possible in order to improve and perfect our module. 

So in effect what we’re asking is that you would download our module (https://drupal.org/project/system_status/) and deploy it on as many sites as possible and report any issues that might occur.

At the same time, what we’re offering you is a centralized dashboard that will show you the status of all your websites.

I believe that this will be very helpful for all of us - Drupal developers and site owners alike.

I will be happy to get your feedback. Don’t hesitate to contact me if you have questions or comments.

Kind Regards,

Dennis
Outreach representative
--
https://drupal.org/project/system_status/

dddave’s picture

Priority: Normal » Major

This behavior is unacceptable. No discussion about it. Let's see what other webmasters have to say about it in terms of sanctions.

lizzjoy’s picture

I think it is worth adding here to anyone who needs better options to tell the community about their module that preferred ways to do this are:

  • in person at a Drupal meetup, camp, or DrupalCon
  • in a post on the site building or post-installation forums
  • Twitter, use #Drupal
  • IRC

silverwing’s picture

I'd say this is fixed. The user in violation of the DCOC was notified and responded and has (as far as I know) refrained from sending out other unsolicited emails.

If the behavior continues, we block the account.

Alan D.’s picture

DCOC was notified and responded and has (as far as I know) refrained from sending out other unsolicited emails

It is helpful if these are posted back to the main thread. If that is the case, maybe this should be closed and pushed back to the main project to re-associate the thread there?

Alan D.’s picture

And a user block is not applicable here afaict. Issue is external staff associated with a project.

Alan D.’s picture

Received Wed, May 7, 2014 at 05:01 PM (AEST)

Hello, 

My name is Dennis and I’m promoting a new Drupal project. 

I noticed your websites are made in Drupal, so I suppose you know all about the hassle of keeping Drupal websites up to date. 

To solve this problem my friend Sam developed a Drupal module that totally changed the way we manage them. 

Since there are so many Drupal configurations out there, we are looking for as many testers as possible in order to improve and perfect our module. 

So in effect what we’re asking is that you would download our module (https://drupal.org/project/system_status/) and deploy it on as many sites as possible and report any issues that might occur. 

At the same time, what we’re offering you is a centralized dashboard that will show you the status of all your websites. 

I believe that this will be very helpful for all of us - Drupal developers and site owners alike. 

I will be happy to get your feedback. Don’t hesitate to contact me if you have questions or comments. 

Kind Regards, 

Dennis 
Outreach representative 
-- 
https://drupal.org/project/system_status/

Jens Peter’s picture

...so they keep sending out those mails.
Some said that because it is an external staff who is doing this it should not harm the developer.
But I disagree - if a staff is doing something wrong you either remove the staff member or make sure they do as you want. So when they keep sending out spam I guess the developer accepts this and maybe even encourages this.

Or maybe the developer does not know about this issue since it has been removed from the project?
Does anyone tell the developer that we discuss this here?

I think the module should be closed down until the developer accepts that this is not ok. That is the only way we can try and stop this kind of spam mails in the future, I think.

silverwing’s picture

I looked through the mail db logs (from the admin view) and there have been no contact emails from Sam or to Alan in the last few days.

Is the mail coming from the d.o/user/ contact form? If so, can someone provide the top part of the email (with the UIDs.) Or can Alan or Jens send me the emails through my contact form?

Jens Peter’s picture

I have not saved the mails but I did find one of the mails one of my customers resent to me.
Fra: Dennis [mailto:dennis@drupalstatus.org]
Sendt: 3. april 2014 14:30
Til: xxxxx
Emne: Drupal update monitoring, will you help us?

Does this help you in any way?

WorldFallz’s picture

We shouldn't have to waste webmaster time and effort trying to sort out the companies' issues with a problem employee doing something they shouldn't. imo we unpublish the project until we get a satisfactory response from one of the maintainers regarding the most recent infraction. Then if it happens again, we unpublish again for a longer period of time. One more time and the project is lost, period.

We have to have zero tolerance for this sort of nonsense.

killes@www.drop.org’s picture

Unpublished project.

Alan D.’s picture

Is the mail coming from the d.o/user/ contact form?

No, single email with 3 email recipients, 2 are non-drupal.org staff members.

Sam Hermans’s picture

Hello guys,

I was pointed to this thread by someone in #drupalorg, I did not know this thread continued after my initial response as it was moved outside the issue queue of my project.

While unpublishing this project certainly got my attention, I would like to set some things straight:

1) I, nor anyone else has ever used the 'mail' or 'notification' feature available on drupal.org (in response to https://drupal.org/node/2232995#comment-8754171 ) to promote or spam this project.

2) This project is not a commercial initiative in any way at all, it's an open source initiative supported and developed by various organisations and promoted at local drupal events or meetups. Therefore I feel that talking about this as a 'company' or 'employee' is incorrect.

The fact that Dennis took the liberty to start mailing organisations could be seen as a bad judgement call at worst, but even now when I read the content of his message, I do not find it harmful or offensive.
(this does not mean that I promote or accept the sending of unsolicited mail)

3) DCOC. I respect the various opinions given in this thread, and I from my side will do anything in my power to prevent unsolicited mail, or other such promotion of this project.

This is an official acknowledgement that I received this as an official and last warning, and I will share this information with anyone collaborating on this project.

Regards,
Sam

deekayen’s picture

I'm about to un-block the project page because I did a quick review of the code and couldn't see where this module is sending either a site mail or user email address back to the drupalstatus.org site for it to be harvested for spam.

Sam Hermans’s picture

Thanks to deekayen for this intervention...

On a more personal note, I do feel that excessive force was used. No one took the liberty to contact me before taking action, and neither the module, the project page or any infrastructure at drupal.org was abused to promote this project or gather contact details.

The mere fact that if someone (that's not even a member of drupal.org) uses publicly available contact details on websites to reach out to someone can cause a project to be unpublished without any warning does cause me some concern.

Jens Peter’s picture

I can understand the concern but this goes further than that if we wish to keep Drupal the best system with the most active community.
The spam mails were sent out with the target of Drupal sites to promote a Drupal module and point to a Drupal.org URL - and that makes it relevant to discuss here - do we want developers (or someone using their domain) to send out spam mails?

I think using the data that way is far from acceptable. In fact in some countries it is illegal to send mails unless you have an accept from the receiver that you may. None of the mails sent to any of my clients have accepted that at any level.
Sure the project owner can say he didn't know about those spam mails - it will then be up to any one getting all those mails, to decide if that is trustworthy - fact is that it came from the domain that hosts the module and that my very first reaction in this matter was added on the module's drupal page. This gave the owner all the chance to comment and act on this - he decided not to do anything.

Some pointed to "Code of conduct".
I think the module should be blocked until we hear them say they will stop doing so and actually not doing it.
One called Sam said on April 7th that they will not do this and that it was a mistake and on May 7 they did it again.
Guess the response in April was not true.

I am in all favour of blocking module owners that misuse what a great system Drupal is and what a lively community we have - one module should not have even the smallest chance to spoil it for the many.

deekayen’s picture

I picked two identifiable companies to search my email trash: Acquia and Commerce Guys. I haven't received spammy stuff from Acquia that I can find, but I have from Commerce Guys. Most recently, April 23, I got an email promoting the Commerce Guys training at DrupalCon. Launching a campaign to block https://drupal.org/project/commerce wouldn't be appropriate.

"Dennis" lacked some tact, flair, and an unsubscribe link for sure. I don't think the module is at fault here. The Drupal Status website is. You signed up for a free service and got unsolicited email in return. It was free. You've never gotten spam before? At least this was relevant to what you care about. I've been a Drupal Status user for months and never received a "Dennis" email, so I'm giving Sam some space to see he's making trouble and kill off "Dennis".

I'm even considering the possibility that Sam === Dennis. This is Sam's first module. He's had a lashing from the unpublish box. Let's see what Sam's team does now.

Alan D.’s picture

You signed up for a free service and got unsolicited email in return.

We had not and it is difficult to see where they would have got our emails from. These were to higher admin staff / managers, including the operational manager that never has anything to do with drupal.org nor the sites we do.

I, nor anyone else has ever used the 'mail' or 'notification' feature available on drupal.org

No, these have never been via the Contact module afaict. That would be an easy case of blocking the user that used this.

This definitely looks like a mass mail out program from harvested emails. Or someone being busy cutting and pasting the same email and manually sending this out. I can only access a copy via GMail, so can a direct receiver copy and paste in the metadata / mail headers to help direct clarify what is sending the mail.

The email key was (hash code).Java.mail@drupalstatus.org, but that doesn't really help point to the real source.

some countries it is illegal to send mails unless you have an accept from the receiver

And add to that these have no unsubscribe either, so doubling up the issues related to mass mail outs.

Maybe time for a proper policy related to this. Possible actions and time periods to resolve

1) Notify via the issue queue (1 week)
2) Project page notification, like when the maintainers have not done security related modifications + email from webmaster to maintainers (2 weeks)
3) Temp. blockage + email from webmaster to maintainers. Final notice.
4) Delete project

@Sam
User tracker pages are a bit bung since the drupal.org upgrade, a custom search for issues seems to work for most.

https://drupal.org/project/issues/search?text=&projects=&assigned=&submi...

Mixologic’s picture

I can only access a copy via GMail, so can a direct receiver copy and paste in the metadata / mail headers to help direct clarify what is sending the mail.

@Alan D. in the dropdown on the right hand side of Gmail, you can select "show original" to get all of the metadata/headers. https://www.dropbox.com/s/zmshruvd6ua99p2/Screenshot%202014-05-09%2016.1...

Alan D.’s picture

@Mixologic
While I have access to most emails that we get for work due to the integration of our email with our job management system, I only have access to forwarded copies of this email that have stripped out all of the metadata. :(

greggles’s picture

Status: Active » Fixed

I think the situation is resolved so marking this fixed.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.