
Thread: Bugzilla appears to allow email harvesting by spammers

  1. #1
    storm is offline Advanced Member
    Join Date
    May 2006
    Location
    London, UK
    Posts
    178
    Rep Power
    9

    Bugzilla appears to allow email harvesting by spammers

    Please can you change the settings in bugzilla as our email addresses appear to be displayed in cleartext; leaving us wide open for all spiders to harvest and spam.

    Worse, your bugzilla accounts request we enter our real names on our accounts, thus giving the spiders the benefit of our real names and email addresses.

    Please sort this urgently; or, if I'm mistaken please explain what measures are in place to protect against this.

    Many thanks,
    stőrm

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,485
    Rep Power
    56


    What leads you to believe that's a problem? I've entered my details (work and private) and don't notice any increase in spam because of it.
    Regards


    Bill



  3. #3
    storm, Advanced Member

    I appreciate it may not be a problem on every site; however, there's plenty of evidence that email addresses, from across the web, which are not effectively obfuscated are routinely 'harvested' by spiders.

    To give an anecdotal example, I have myself created email addresses for specific purposes where I know they'll be viewable (and harvestable) online, and sure enough I have received spam on them.

    Prevention is better than cure, and I can't see a sound reason why full email addresses should appear, unobfuscated, on the zimbra bugzilla system. I would urge zimbra to consider applying the 'precautionary principle' to this issue.

    Thanks,
    störm

  4. #4
    jholder is offline Former Zimbran
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    20


    Take it up with the guys at Mozilla. Bugzilla is the industry standard, and it's what we use.

    They do the same thing:
    https://bugzilla.mozilla.org/show_bug.cgi?id=340318

    Look at the addresses. Any company who uses bugzilla faces this issue. We do have certain prevention measures in place that many do not.

  5. #5
    phoenix, Zimbra Consultant & Moderator

    Originally posted by storm:
    "To give an anecdotal example, I have myself created email addresses for specific purposes where I know they'll be viewable (and harvestable) online, and sure enough I have received spam on them."

    That's just an example of the normal techniques spammers use; they generate millions of email addresses that they then try to deliver.

    As another anecdotal example, I've just created an email address on my own server and within 10 minutes there were connection attempts trying to deliver spam to that address - that address has never been out in the wild.

    If you think this is a problem then improve the current anti-spam in Zimbra, you can modify the tag/kill percentages and there are plenty of threads in the forums and wiki articles on what you can do to improve your success rate.
    Regards


    Bill



  6. #6
    storm, Advanced Member

    Thanks for the suggestions Bill/JHolder.

    As regards spamming of email addresses that have never been 'out in the wild', I appreciate that spamming technique is utilised; however, my own email addresses have often been fairly unusually constructed - and it's often only after their presence on the web that I start receiving drifts of spam.

    I can see it may not be as big a problem as I anticipated; however I still am not convinced that it's a good practice.

    In any case, as suggested I'll take the matter up with makers of this software, though I don't know what chance I'll have!

    Cheers,
    Störm

  7. #7
    storm, Advanced Member

    Redhat's bugzilla service at: https://bugzilla.redhat.com
    does NOT allow email addresses to become visible to users not logged-in.

    I have looked up the issue at Mozilla's own bugzilla, and there are quite a number of related bugs, and concern, but not much happening by way of changes - resolution of this issue is retargeted consistently from one release to another (since 2003 indeed).

    This is not only a spam issue, but a privacy issue.

    People have made a big fuss about the privacy of personal details, and if Facebook, for example, allowed easy public access to email addresses and associated full names there would be an outcry.

    Furthermore, the current bugzilla system doesn't even allow a user to change their email address.

    I would suggest zimbra takes a look at the Redhat bugzilla system.

    In any case, in the meantime, I would quite like my email address either obfuscated, removed or altered.

    Can you do this for me please?

    Regards
    störm
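
The behaviour post #7 describes for Red Hat's Bugzilla (addresses not visible to users who are not logged in), sketched as an added example; it is not code from this thread, from Bugzilla or from Red Hat. The function names, the `@[hidden]` placeholder and the sample HTML are assumptions constructed for illustration.

```python
import re

# Literal "@" or the HTML entity forms some templates emit instead.
AT = r"(?:@|&#0*64;|&#x0*40;)"
# Group 1 = local part, group 2 = domain.
EMAIL_RE = re.compile(
    r"([A-Za-z0-9._%+-]+)" + AT + r"([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)", re.I)
# <a href="mailto:...">link text</a>; group 2 = link text.
MAILTO_RE = re.compile(
    r'<a\s[^>]*href=(["\'])mailto:[^"\']*\1[^>]*>(.*?)</a>', re.I | re.S)

# Constructed sample of a rendered bug-page fragment (not from any real bug).
SAMPLE = (
    '<tr><th>Reporter:</th><td><a href="mailto:jane.doe@example.org">'
    'Jane Doe &lt;jane.doe@example.org&gt;</a></td></tr>\n'
    '<tr><th>CC:</th><td>ops&#64;example.net, qa@example.com</td></tr>'
)


def leaked_addresses(page_html):
    """Full addresses still present in the markup (regression check)."""
    return [m.group(0) for m in EMAIL_RE.finditer(page_html)]


def render_for_viewer(page_html, logged_in):
    """Return the page as this viewer should see it.

    Logged-in users get the page unchanged. Anonymous viewers (which
    includes crawlers) get mailto: links unwrapped to plain text and
    every address cut down to its local part.
    """
    if logged_in:
        return page_html
    # Drop the link first: the href carries the address a second time.
    unwrapped = MAILTO_RE.sub(lambda m: m.group(2), page_html)
    # Mask what remains in text and attributes, entity-encoded "@" included.
    return EMAIL_RE.sub(lambda m: m.group(1) + "@[hidden]", unwrapped)


if __name__ == "__main__":
    anon = render_for_viewer(SAMPLE, logged_in=False)
    print(anon)
    print("addresses still exposed:", leaked_addresses(anon))
```

Masking at render time covers only the HTML pages; any other interface an anonymous client can reach needs the same filter.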
