×

Notice

The forum is in read only mode.
Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1

TOPIC: Notify mails sent to wrong recipient

Notify mails sent to wrong recipient 13 years 7 months ago #11998

  • Lama
  • Lama's Avatar Topic Author
  • Offline
  • Fresh Boarder
  • Fresh Boarder
  • Posts: 4
  • Thank you received: 0
My site doesn't allow registrations so all comments are made by visitors.
Now some visitors are contacting me asking why they have received confirmation of a new comment to their mails regarding another visitors comment.

When i look at the info in these mails the author email is mumbo jumbo and notify is set to yes. So it seems that when someone comments using a phony email the confirmation somehow ends up in another commenting visitors inbox. My users are now questioning the security of my site. :(

Notify mails sent to wrong recipient 13 years 7 months ago #11999

  • Daniel Dimitrov
  • Daniel Dimitrov's Avatar
  • Offline
  • Administrator
  • Administrator
  • Posts: 9618
  • Karma: 155
  • Thank you received: 1081
Hey Lama,
What do you mean with mumbo jumbo? And it is actually not possible for an user to get a mail when he have entered wrong email.
Could you try to explain the problem again in another way? Perhaps I didn't understand you.

Notify mails sent to wrong recipient 13 years 7 months ago #12010

  • Nils Ally
  • Nils Ally's Avatar
  • Offline
  • Gold Boarder
  • Gold Boarder
  • Posts: 299
  • Thank you received: 33
It sounds to me like the problem here is basically that some people are using the commenting system, to post their comments, and are entering a "mumbo jumbo" (false) mail account... seeing as they need not be registered on your site to post comments, they can type in anything in that field, as long as they pass the CAPTCHA system.
But they must be REAL people for it to work.

Once a person has posted a comment, then it will (of course) be notified to the others that have posted their real mail address, and checked the Notify box. The fact that the mail sending came from a comment that has been written by someone with a mumbo jumbo mail address is not a security issue. -it is still a real person.
I mean, (as long as I've understood this correct), the system cannot determin whether an entry is a good one, or an idiot.
So people will be notified in their INBOX regardless of what kind of posting is made.

My site allows ONLY registered users to post comments... and even then some people just love to post weird comments. Ok, I chuckle a bit etc, but I haven't seen a single spam or some indication that it is a security issue at work.

Or do you mean that people MUST pass an E-mail verification first, prior to posting?
And are somehow getting around this?

Notify mails sent to wrong recipient 13 years 7 months ago #12011

  • Lama
  • Lama's Avatar Topic Author
  • Offline
  • Fresh Boarder
  • Fresh Boarder
  • Posts: 4
  • Thank you received: 0
User A posts a comment with fake email and notify ON.
User B have commented the same article using real email.
User B receives confirm mail regarding User A comment.

The mail:

Subject: "PublishedComment: has been published"

The following comment has been published
from www.my-site.com/administrator/ :

Name: User A
Title:
Text: Blablablablabla
Content item: www.my-site.com/blablablabla

Please do not respond to this message as it is automatically generated and is for information purposes only.

Notify mails sent to wrong recipient 13 years 7 months ago #12014

  • Daniel Dimitrov
  • Daniel Dimitrov's Avatar
  • Offline
  • Administrator
  • Administrator
  • Posts: 9618
  • Karma: 155
  • Thank you received: 1081
Lama, so how do you propose to change this?
The only way I see for you is to enable akismet support - it will catch a lot of spam comments and won't publish them - if they are not published the user is not going to get any notification on new e-mail.

Or to just approve each e-mail. What other approach do you suggest to this issue?

Kind regards,
Daniel

Notify mails sent to wrong recipient 13 years 7 months ago #12015

  • Lama
  • Lama's Avatar Topic Author
  • Offline
  • Fresh Boarder
  • Fresh Boarder
  • Posts: 4
  • Thank you received: 0
Daniel,
Akismet is enabled. And I am not talking about spam. I only said that user A used fake email not that he/she is a spammer.
But I'm still not sure if this is a bug since I don't fully understand this component yet. Is the mail sent to user B an error or is it just a notification that user A has commented the same article as B?

Do you understand my problem now?

Notify mails sent to wrong recipient 13 years 7 months ago #12021

  • Daniel Dimitrov
  • Daniel Dimitrov's Avatar
  • Offline
  • Administrator
  • Administrator
  • Posts: 9618
  • Karma: 155
  • Thank you received: 1081
It is just a notification that userB has commented to an article.
The notification is sent on behalf on your site's email - that is why you don't need to enter an valid e-mail address there. Even if an user makes a mistake and enters a wrong email there, the other users will be still notified of the new comment.
This is the way it works and I don't think that it is a security issue, if I am wrong please correct me.
  • Page:
  • 1
Time to create page: 0.113 seconds