Interested to see the verdict on the mail from Neophytos. Spammers do sometimes use collected emails to populate sender addresses (once and a while I will get bombarded with very dirty bounces when my address is abused for such purposes - some of the few things that get through my elaborate spam defense mechanisms). If it wasn't a harmless slip up by Neophytos, it was either quite a coincidence or we have some spammers that are doing some social networking research.
Andrew, your points about email are valid and shared to a certain extent within the community. Our defenses in this area need to be a little more elaborate.
I just logged out and looked around the site for places that emails are visible and when you click on someone's name you get the following message (as expected):
"If you were to log in, you'd be able to get more information on your fellow community member."
This is great, but eventually we might want to add a 20 second delay on actually getting that kind of information from the directory package (if I recall correctly this is something photo.net does nicely that we should generalize for the toolkit). Would make the addresses less accessible through scripting.
I also did a quick site scoped google search and did find areas of our site where emails are exposed to the world -> the bug tracker. This is in the bug view. Here is an example:
https://openacs.org/bugtracker/openacs/com/dotlrn-general/bug?bug_number=190
That email next to my name is accessible to search engines. This should be changed (12 pages of results and every one related to bugs) or has it been fixed already (I do remember someone mentioning this is the past)?
Even though you seem to have ruffled some feathers around here, some fresh feedback is appreciated (although more careful wording would be appreciated 😉.
Carl
P.S. I am going to make Neophytos's email address above less spam harvester friendly by editing the post.
