Codeberg/Community

Misleading email notifications #1762

Open
opened 2025-01-15 23:05:31 +01:00 by puer-robustus · 2 comments

Comment

The mail template used for (amongst other things) mention notification emails can mislead recipients into thinking that they can reply to the mail (compare #1562) because the mentioning username appears as the email's sender even though it is sent from <noreply@codeberg.org> (see #1640).

Upon receiving such an email

```
@userA mentioned you:
@userB What's your take on xyz?
---
View it on Codeberg.org.
Codeberg e.V. – Arminiusstraße 2-4 – 10551 Berlin – Germany
Registered at registration court Amtsgericht Charlottenburg VR36929.
```

one is easily deceived into replying by mail (which will obviously bounce from <noreply@codeberg.org>) if the sender's username is a nick you are familiar with. Especially, if your email client hides the actual email address from which it was sent.

To prevent such misunderstandings, I'd suggest to

  1. Set "Codeberg" as the sender in email notifications as also suggested in #1640.
  2. Be explicit about not being able to reply via mail. The template seems to cover the case of being able to reply by mail, but making explicit when you cannot reply by mail is probably even more important.

Opened an issue on forgejo/forgejo#7090, then closed it as it was succeeded by forgejo/forgejo#7095.

I think that forgejo/forgejo#7095 would sufficiently describe that an e-mail notification is an e-mail notification, and I reported the other part to the upstream Forgejo repository. Therefore, I'm closing this. If you disagree, ping me and I will reopen this.


As pointed out in the discussion in the forgejo issue tracker, the IMHO simplest way to resolve the confusion from misleading email notifications would be to set the email From header appropriately.

According to the Internet Message Format RFC 5322

> Normally, a mailbox is composed of two parts: (1) an optional display
> name that indicates the name of the recipient (which can be a person
> or a system) that could be displayed to the user of a mail
> application, and (2) an addr-spec address enclosed in angle brackets
> ("<" and ">").

As you can see from the attached screenshots (of the email notification and a reply draft), the current Codeberg email notification setup does not comply with this, as I (puer-robustus) am most certainly not the recipient of <noreply@codeberg.org>.

@n0toose Wdyt? Does this warrant re-opening the issue?
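The mismatch discussed in this thread can be checked mechanically. The following Go sketch is an added example, not part of the issue and not Forgejo's code: it splits a `From` value into display name and addr-spec with the standard `net/mail` package and flags a personal display name on a no-reply address. The helper names, the no-reply local-part list and the `Reply-To` handling are assumptions of this example.

```go
package main

import (
	"fmt"
	"net/mail"
	"strings"
)

// Local parts treated as "cannot receive replies" (assumption of this example).
var noReplyLocalParts = map[string]bool{"noreply": true, "no-reply": true}

func isNoReply(addr string) bool {
	local, _, _ := strings.Cut(strings.ToLower(addr), "@")
	return noReplyLocalParts[local]
}

// AuditSender reports whether the From/Reply-To pair could mislead a recipient
// into replying to a dead mailbox. serviceName is the display name expected on
// automated mail, e.g. "Codeberg". Hypothetical helper, not a Forgejo function.
func AuditSender(from, replyTo, serviceName string) (string, error) {
	a, err := mail.ParseAddress(from) // splits display name from addr-spec
	if err != nil {
		return "", fmt.Errorf("unparseable From: %w", err)
	}
	if !isNoReply(a.Address) {
		return "ok: From address accepts replies", nil
	}
	if r, err := mail.ParseAddress(replyTo); err == nil && !isNoReply(r.Address) {
		return "ok: replies are routed via Reply-To", nil
	}
	if a.Name != "" && !strings.EqualFold(a.Name, serviceName) {
		return fmt.Sprintf("misleading: display name %q on %s", a.Name, a.Address), nil
	}
	return "ok: no-reply address is labelled as the service", nil
}

// ServiceFrom builds the From value suggested in the issue: service name as
// display name on the no-reply address.
func ServiceFrom(serviceName, addr string) string {
	return (&mail.Address{Name: serviceName, Address: addr}).String()
}

func main() {
	// Constructed header values modelled on the notification in this issue.
	fmt.Println(AuditSender("puer-robustus <noreply@codeberg.org>", "", "Codeberg"))
	fmt.Println(AuditSender(ServiceFrom("Codeberg", "noreply@codeberg.org"), "", "Codeberg"))
}
```
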
