Page MenuHomePhabricator

Don't count "Cc:" as a legitimate recipient if the user who has "" attached to their account has not verified the address

Authored by epriestley on Jun 19 2019, 6:15 PM.



Fixes T13317. On, an enterprising user added to their account. This caused them to become CC'd on several support issues over the last year, because we send mail "From" this address and it can get CC'd via reply/reply all/whatever else.

The original driving goal here is that if I reply to a task email and CC you on my reply, that should count as a CC in Phabricator, since this aligns with user intent and keeps them in the loop.

This misfire on noreply@ is ultimately harmless (being CC'd does not grant the user access permission, see T4411), but confusing and undesirable. Instead:

  • Don't allow reserved addresses ("noreply@", "ssladmin@", etc) to trigger this subscribe-via-CC behavior.
  • Only count verified addresses as legitimate user recipients.
Test Plan
  • Added a bin/mail receive-test --cc ... flag to make this easier to test.
  • Sent mail as bin/mail receive-test --to X --as alice --cc Bailey was CC'd both before and after the change.
  • Sent mail as bin/mail receive-test --to X --as alice --cc, an address which Bailey has added to her account but not verified.
    • Before change: Bailey was CC'd on the task anyway.
    • After change: Bailey is not CC'd on the task.

Diff Detail

rP Phabricator
Automatic diff as part of commit; lint not applicable.
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

epriestley created this revision.Jun 19 2019, 6:15 PM
epriestley requested review of this revision.Jun 19 2019, 6:17 PM
epriestley added inline comments.Jun 19 2019, 6:22 PM

This has no callers.


This has only one caller, loadAllRecipientPHIDs().

amckinley accepted this revision.Jun 19 2019, 7:27 PM
This revision is now accepted and ready to land.Jun 19 2019, 7:27 PM