Community health initiative/Do more to avoid disclosing the email address of users
This page documents a feature the Wikimedia Foundation's Anti-Harassment Tools team may build. Development of this feature has not been decided or prioritized.
🗣 We invite you to join the discussion!
The WMF's Anti-Harassment Tools team are considering a system that does not expose email addresses via Special:EmailUser. This feature aims to protect users from off-wiki harassment.
How Special:EmailUser currently works
Send emails via the "Email this user" link on user pages, which uses Special:EmailUser, easily reveals the email addresses of both users.
For example, if User:Apples and User:Bananas both have confirmed their email addresses as applesgmail.com and bananasgmail.com, and they both have the "allow other users to email me" preference enabled, they can use Special:EmailUser to send each other emails.
- If Apples sends Bananas an email, the mail is sent from wikiwikimedia.org directly to bananasgmail.com, and the reply-to address is set as applesgmail.com. At this point Bananas has Apples' email address.
- If Apples replies, the email is sent from applesgmail.com to bananasgmail.com. At this point both users have each other's email addresses.
This is a problem because malicious users can use the user's email address to harass the other user.
Requests from the community
This functionality has already been requested and discussed in 2017 Community Wishlist Survey/Anti-harassment/Allow a second email address and 2016_Community_Wishlist_Survey/Categories/Miscellaneous#Provide_a_dummy_email_address
Proposal 1: Allow a second email address
- Allow users to have one email address for password resets and watchlist notifications, and another just for Special:EmailUser emails
Proposal 2: 2-way Email Relay (aka aliases)
- Use a system like Craigslist, which obfuscates the email addresses of both parties.
We invite you to join the discussion on the talk page!