Page MenuHomePhabricator

Don't count "Cc: x@y.com" as a legitimate recipient if the user who has "x@y.com" attached to their account has not verified the address
ClosedPublic

Authored by epriestley on Jun 19 2019, 6:15 PM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, Nov 25, 2:38 PM
Unknown Object (File)
Wed, Nov 20, 11:33 PM
Unknown Object (File)
Sun, Nov 17, 8:28 AM
Unknown Object (File)
Sat, Nov 9, 3:34 PM
Unknown Object (File)
Oct 21 2024, 10:15 AM
Unknown Object (File)
Oct 14 2024, 8:51 PM
Unknown Object (File)
Oct 7 2024, 3:27 PM
Unknown Object (File)
Oct 4 2024, 5:58 PM
Subscribers
None

Details

Summary

Fixes T13317. On admin.phacility.com, an enterprising user added noreply@admin.phacility.com to their account. This caused them to become CC'd on several support issues over the last year, because we send mail "From" this address and it can get CC'd via reply/reply all/whatever else.

The original driving goal here is that if I reply to a task email and CC you on my reply, that should count as a CC in Phabricator, since this aligns with user intent and keeps them in the loop.

This misfire on noreply@ is ultimately harmless (being CC'd does not grant the user access permission, see T4411), but confusing and undesirable. Instead:

  • Don't allow reserved addresses ("noreply@", "ssladmin@", etc) to trigger this subscribe-via-CC behavior.
  • Only count verified addresses as legitimate user recipients.
Test Plan
  • Added a bin/mail receive-test --cc ... flag to make this easier to test.
  • Sent mail as bin/mail receive-test --to X --as alice --cc bailey@verified.com. Bailey was CC'd both before and after the change.
  • Sent mail as bin/mail receive-test --to X --as alice --cc unverified@imaginary.com, an address which Bailey has added to her account but not verified.
    • Before change: Bailey was CC'd on the task anyway.
    • After change: Bailey is not CC'd on the task.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable