Last modified: 2011-04-14 15:12:24 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T18466, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 16466 - It shouldn't be possible to send Wikimails containing weblinks on blacklist
It shouldn't be possible to send Wikimails containing weblinks on blacklist
Status: NEW
Product: MediaWiki extensions
Classification: Unclassified
Spam Blacklist (Other open bugs)
unspecified
All All
: Low enhancement with 3 votes (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2008-11-26 20:31 UTC by TheWolf
Modified: 2011-04-14 15:12 UTC (History)
7 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments

Description TheWolf 2008-11-26 20:31:30 UTC
At the moment, the Wikimail function isn't sensitive to the spam blacklist. This should be changed, so that it won't be possible to send Wikimails containing weblinks on the blacklist anymore.
Comment 1 Mike.lifeguard 2008-11-26 20:32:25 UTC
Product -> MediaWiki extensions
Component -> Spam blacklist
Comment 2 pgrawehr 2008-11-26 20:53:37 UTC
Also (didn't test whether this is already so) non-autoconfirmed users should probably need to enter the captcha to send the Mail. 

Background: There have been some users harassing others by sending them spam mails to become a member of some extreme-right-nazi-wiki on dewiki. 
Comment 3 Robin (syrcro) 2008-11-27 08:50:37 UTC
Please don not change it: 1. the Spam-blackmail guys are using wikimail to review and discuss spam-black- and white-list issues. 2. There is some kind of a newsletter about suspicion of crosswiki spam which refers to both lists. 3. Users ask frequently about ''their'' blacklisted URL or about whitelisting exceptions. 4. Tinyurl etc are blacklisted, I use them often to send links to wiyki-friends. 5. It will not prefent spaming. blacklists don not block URL without application layer protocol (de.wikipedia.org without http://).
Comment 4 Robin (syrcro) 2008-11-27 08:53:06 UTC
PS: 6. I don not feel well, knowing someone will scan my email for some strings. 
Comment 5 Mike.lifeguard 2008-11-27 08:56:19 UTC
(In reply to comment #3)
> Please don not change it: 1. the Spam-blackmail guys are using wikimail to
> review and discuss spam-black- and white-list issues. 

They should consider emailing each other directly; most discussion should certainly remain on-wiki.

> 2. There is some kind of
> a newsletter about suspicion of crosswiki spam which refers to both lists.

I am missing the significance of this statement. Mailing lists do not email through the wiki.

> 3.
> Users ask frequently about ''their'' blacklisted URL or about whitelisting
> exceptions.

Yes, they should mention the domain instead of linking. Better yet would be undertaking these reviews on-wiki.

> 4. Tinyurl etc are blacklisted, I use them often to send links to
> wiyki-friends.

Trivial; use the full URL or leave off http://

> 5. It will not prefent spaming. blacklists don not block URL
> without application layer protocol (de.wikipedia.org without http://).
> 

Nothing will stop spamming. The perfect is the enemy of the good.
Comment 6 Mike.lifeguard 2008-11-27 08:56:54 UTC
(In reply to comment #4)
> PS: 6. I don not feel well, knowing someone will scan my email for some
> strings. 
> 

The system doesn't record what's in the email. We take privacy seriously; see the privacy policy please.
Comment 7 Mike.lifeguard 2008-11-27 08:57:21 UTC
(In reply to comment #0)
> At the moment, the Wikimail function isn't sensitive to the spam blacklist.
> This should be changed, so that it won't be possible to send Wikimails
> containing weblinks on the blacklist anymore.
> 

This may be a candidate for AbuseFilter, though ideally the whole extension would simply be rewritten.
Comment 8 seth 2008-11-30 12:17:34 UTC
Imho the scanning of mails would cause more walls than spam defense.
Spam actually is the mail itself not any link inside. However, if there would be a warning for newbies like: "Just omit http://, then you can place any link!", then of course spammer could use this information, too.
As I take care of the de-sbl I sometimes get e-mails from very unexperienced users, who don't find or don't know how to use the sbl talk page. How should they cope with such an additional filter?
Comment 9 Mike.lifeguard 2009-03-10 03:44:44 UTC
I agree this should not be a high priority, though we do know that spammers use Special:EmailUser on occasion. Normally it is very easy to track down, and gets them a swift block with email disabled, proving spammers are not the brightest folk you've ever met.
Comment 10 Alex Z. 2009-03-10 04:22:20 UTC
At the very least, $wgSpamRegex should probably be checked against emails, if it isn't already.
Comment 11 Mike.lifeguard 2010-08-02 13:12:33 UTC
Another confirmed case of spamming through the wiki email interface... several hundred emails sent at once, then rotating to a new IP and/or account. It'd be nice to stop them from spamming our users by blacklisting the domain.

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links