E-Mail headers with @ trigger some spam filters #12459

Closed
opened 2025-11-02 10:10:26 -06:00 by GiteaMirror · 2 comments

Originally created by @techknowlogick on GitHub (Feb 9, 2024).

image

Originally posted in https://github.com/go-gitea/gitea/issues/28981#issuecomment-1933849723

cc: @wxiaoguang @gwymor

GiteaMirror added the type/bug label 2025-11-02 10:10:26 -06:00

@techknowlogick commented on GitHub (Feb 9, 2024):

pinging @pat-s too.

below quote is from @gwymor in linked issue

> What displays that message? Are you aware of email providers/stacks that will take that as a sign of spam/phishing and flag the message? I would hope nothing would make that mistake as there's no user-part before the @.
> If email providers do, we should probably drop the @, and display the sender as Display Name (username).
> When a user has no display name the sender currently falls back to @username. If we change that to just username, I'm afraid that doesn't make it clear enough that this is a username that cannot be spoofed (aside from inspecting the X-Gitea/GitHub-Sender headers, which I think is too much to require a user to do in a spoofing attempt) -- you can't easily tell the difference between a post-1.22 Gitea sending a username, and a pre-1.22 Gitea sending a displayname that looks like a username. We could remove the fallback code, and always show Display Name (username), which will fall back to username (username). That would be more consistent and easy to verify at a glance, but perhaps noisy.
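
The sender-name variants discussed in the comment above, compared against two display-name checks, as an added example that is not part of the original thread and not Gitea's code. Assumptions: the helper names and style labels are hypothetical, the `Display Name (@username)` form and the pre-1.22 behaviour are inferred from the quote, the address is constructed, and both checks are assumed models because the page does not show what produced the warning.

```go
package main

import (
	"fmt"
	"net/mail"
	"strings"
)

// fromName renders the sender display name in the styles the thread discusses.
// Hypothetical helper for illustration, not Gitea's implementation.
func fromName(style, displayName, username string) string {
	switch {
	case style == "legacy": // pre-1.22 as described in the quote: display name only
		return displayName
	case style == "at" && displayName == "": // fallback described as current
		return "@" + username
	case style == "at": // assumed form when a display name is set
		return displayName + " (@" + username + ")"
	case style == "plain" && displayName == "": // "@" dropped, fallback kept
		return username
	case displayName == "": // "always": fallback code removed
		displayName = username
	}
	return displayName + " (" + username + ")"
}

// naiveFlag models a filter that treats any "@" in the display name as suspicious.
func naiveFlag(name string) bool { return strings.Contains(name, "@") }

// strictFlag flags only a token that parses as a complete address (user-part
// before the "@") and differs from the real sender address.
func strictFlag(name, sender string) bool {
	split := func(r rune) bool { return strings.ContainsRune(" ()<>,", r) }
	for _, tok := range strings.FieldsFunc(name, split) {
		if a, err := mail.ParseAddress(tok); err == nil && !strings.EqualFold(a.Address, sender) {
			return true
		}
	}
	return false
}

func main() {
	const sender = "noreply@gitea.example" // constructed sample address
	for _, style := range []string{"at", "plain", "always"} {
		n := fromName(style, "", "alice") // user without a display name
		fmt.Printf("%-6s %-17q naive=%-5v strict=%v\n", style, n, naiveFlag(n), strictFlag(n, sender))
	}
	// The ambiguity raised in the quote: both render as plain "alice".
	fmt.Println(fromName("legacy", "alice", "") == fromName("plain", "", "alice"))
}
```

Only the `@` styles trip the naive check, while the strict check reacts only to a display name that embeds a different full address.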


@github-actions[bot] commented on GitHub (Feb 28, 2024):

Automatically locked because of our [CONTRIBUTING guidelines](https://github.com/go-gitea/gitea/blob/main/CONTRIBUTING.md#issue-locking)


Reference: github-starred/gitea#12459