Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
By rwelti on
Here on the drupal.org website, I enabled the Contact checkbox in
"My Account", as a test. It promises that my email address will be kept private:
"Allow other users to contact you by e-mail via your personal contact form. Note that while your e-mail address is not made public to other members of the community, privileged users such as site administrators are able to contact you even if you choose not to enable this feature."
But when I then click on my "Contact" tab, instead of saying "this user
is not accepting emails" it now has an email form ready to be filled out
and sent, whose "Reply To:" field is my supposedly private email address, there
for the harvesting by any person or machine that cares to grab it!
Did I somehow misunderstand the assurance of privacy given on
the My Account page (shown above) ???
I take privacy and spam seriously.
RW
Comments
Eh?
When you go to contact someone, it fills in your email as the "from" because you're not allowed to contact someone anonymously. I don't know what you're going on about harvesting for... The only email you can see is your own. Not much point in harvesting your own email.
Michelle
--------------------------------------
My site: http://shellmultimedia.com
logout
If you logout first, or log in as another user, then go to your user or contact page - you will then see what everyone else sees... no email address.
I can't see your email address, just checked.
The only reason you can see more details is because you are, well, you. :)
--
Ross Kendall
UK based Web and IT consultant specialising in Free and Open Source Software technologies.
http://rosskendall.com
OK, now I get it!
Thanks, I see what you guys mean.
I just thought (without too much time spent obviously!) that it would
protect me by NOT using my real address in the Reply To: field, but rather
use "myaccount@drupal.org" and then forward email from the preceding
address to the "real" address, thereby hiding the real address entirely.
It isn't that I insist on being anonymous so much as that once your email
appears in another email which is quoted and then posted and so on, it
is very possible for it to get out into a web posted area which is regularly
harvested for addresses.
However, I remember now I also have the option of using "Remove the X (real X address)"
as an address (assuming the field validation permits) and avoid the harvesting risk.
(Can't enter the "Remove.." address above correctly just due to form email protections mechanisms, but
you get the idea)
Again, thanks for reading!!
R
...
Drupal protects your email in that someone contacting you doesn't see your email unless you choose to respond. If you take the initiative to contact someone, it's expected that you're ok with them seeing your address to respond to you. If you're worried that the person you're contacting is unethical enough to take your private email and post it on a website without your permission, then it seems not contacting them would be prudent.
Michelle
--------------------------------------
My site: http://shellmultimedia.com