Last modified: 2014-04-11 19:49:22 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T48315, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 46315 - Email notifications should not be signed with the WMF address
Email notifications should not be signed with the WMF address
Status: RESOLVED WONTFIX
Product: Wikimedia
Classification: Unclassified
Site requests (Other open bugs)
wmf-deployment
All All
: Normal normal (vote)
: ---
Assigned To: Nobody - You can work on this!
: shell
Depends on:
Blocks: 1932
  Show dependency treegraph
 
Reported: 2013-03-19 09:35 UTC by Nemo
Modified: 2014-04-11 19:49 UTC (History)
19 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments

Description Nemo 2013-03-19 09:35:14 UTC
I received this notification and though it was phishing:
----
From: MediaWiki mail
Subject: You have a new talkpage message

Wikipedia user Axpde posted on your talk page:

/* ? */ new section

View more:

http://test.wikipedia.org/wiki/User_talk:Nemo_bis

________________________________________________

To control which emails we send you, visit:
http://test.wikipedia.org/wiki/Special:Preferences#mw-prefsection-echo

Wikimedia Foundation, 149 New Montgomery St., 3rd Fl., San Francisco, CA 94105.
----
The WMF never wants to appear responsible of the users' messages and emails.
Comment 1 Kevin Israel (PleaseStand) 2013-03-19 10:43:14 UTC
From https://noc.wikimedia.org/conf/highlight.php?file=InitialiseSettings.php :

'wmgEchoEmailFooterAddress' => array(
        'default' => 'Wikimedia Foundation, 149 New Montgomery St., 3rd Fl., San Francisco, CA 94105.',
),

This is parameter $1 in message 'echo-email-footer-default'.
Comment 2 p858snake 2013-03-19 12:40:53 UTC
(In reply to comment #0)
> ----
> The WMF never wants to appear responsible of the users' messages and emails.

I think the WMF might actually need to be here, due to some anti-spam requirements, You can always git blame the noc.local settings to see who added it and follow up with that user.
Comment 3 Nemo 2013-03-19 12:48:21 UTC
(In reply to comment #2)
> I think the WMF might actually need to be here, due to some anti-spam
> requirements

Anti-spam requirements? This is text in the email body...
Comment 4 Tomasz W. Kozlowski 2013-04-16 20:26:15 UTC
CC'ing Philippe so that he can confirm with LCA if they really want to be named in the body of the e-mails.
Comment 5 Fabrice Florin 2013-04-16 20:47:36 UTC
Thanks for bringing this up. 

The decision to include the WMF address in notification emails was made by Michelle Paulson in the Wikimedia Foundation's legal team.

This address is required by law, and is consistent with best practices for this type of notifications. 

Please let us know if you have any further questions about this. Thank you!
Comment 6 Platonides 2013-04-16 20:49:55 UTC
This is completely silly. Not even in OTRS we use the WMF address. And that text doesn't properly the fact that WMF operates the server, but has absolutely *nothing* to do with the content.

Added by bsitu on 18 Dec 2012, in e4d435a5da8b51bf1988a8d242eb7eb0c4fa1d99. The commit message says nothing about any email regulation (“Configuration change for Echo extension”). Looks like someone simply thought it was a good idea.
Comment 7 Platonides 2013-04-16 20:53:02 UTC
Fabrice, if you really want to keep the address, what about prepending it with "This site is operated by " [Wikimedia Foundation...] Even then, I'd expect some people misunderstanding it, taking it as coming from WMF.
Comment 8 Nemo 2013-04-16 20:55:23 UTC
(In reply to comment #5)
> The decision to include the WMF address in notification emails was made by
> Michelle Paulson in the Wikimedia Foundation's legal team.

Did they also review/request the specific implementation/look of it?

> 
> This address is required by law, and is consistent with best practices for
> this
> type of notifications. 

What best practices? I don't see anything like that in Google's or eBay's notifications. Twitter has a line but it's very hidden, at the end of a small-font footer after several lines of other meta information on how to unsubscribe etc.
On the contrary, this footer is probably the most prominent part of the notification.
Comment 9 Fabrice Florin 2013-04-16 22:43:35 UTC
Hi Nemo,

Yes, WMF's legal team reviewed the specific implementation of notifications.

Note that you are only looking at the plain text email notification -- not the HTML implementation that will come out in a few weeks, as shown in this mockup:
http://upload.wikimedia.org/wikipedia/commons/9/92/EmailUX_content.png

Once this HTML email feature is deployed, this legal notice will be greatly reduced in size and should address your concerns. 

On the question of best practices, all top sites we have researched include such an address at the bottom of their notification emails, as shown in these screenshots:

http://ur1.ca/derc9

Because this is required by law, I'm afraid I don't think we have a lot of flexibility on this issue. 

Platonides, thanks for your suggestion that we add more clarifications in the footer. However, we would rather keep this legal disclaimer as short as possible, so it's more readable. I don't see a strong need to make this any more complicated than it needs to be, when you consider that most large sites use short versions as well.


P.S. On side note, I do not see any evidence to support the view that "this footer is probably the most prominent part of the notification", given that it appears last, not first, in the plain text emails. But this seems like a moot point, as plain text emails will soon be replaced by HTML emails.
Comment 10 MZMcBride 2013-04-17 00:57:54 UTC
As I understand it, the [[CAN-SPAM Act of 2003]] requires that certain organizations include a physical mailing address in e-mails.

From that article's "Content compliance" section:

---
A legitimate physical address of the publisher and/or advertiser is present. PO Box addresses are acceptable in compliance with 16 C.F.R. § 316.2(p) and if the email is sent by a third party, the legitimate physical address of the entity, whose products or services are promoted through the email should be visible.
---

Arguably that law only applies to commercial entities like Google and Facebook, but lawyers will be lawyers. :-)

For what it's worth, every Facebook notification e-mail I receive has this footer or a close variant:

---
View Conversation on Facebook · Reply to this email to message Some Sender.
This message was sent to you@example.com. If you don't want to receive these emails from Facebook in the future, please unsubscribe.
Facebook, Inc., Attention: Department 415, PO Box 10005, Palo Alto, CA 94303
---

I rarely get e-mail from Google, but the most recent e-mail I received (something I opted in to, even) included this footer:

---
© 2013 Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy | Terms of Service
You are receiving this notification for every newly generated Google Account Activity Report. Change reminder settings
---

Yes, even with the "©". Silly Google.

This bug may be a wontfix, unless the goal is to simply make the mailing address less obtrusive. Fabrice is right that using HTML e-mail will mitigate this annoyance heavily.
Comment 11 Andre Klapper 2013-04-17 10:26:50 UTC
No good reasons for high priority here ("fixing" has no obvious urgency), plus proposing WONTFIX due to legal requirements.
Comment 12 Fabrice Florin 2013-04-17 18:40:55 UTC
Thanks, André and MZ McBride.

I concur with your recommendation to mark the but as wontfix, for all the reasons stated above.

I have gone ahead and done that.

Thanks again to everyone for your thoughtful observations on this issue!

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links