Comment 18 for bug 1589693
Revision history for this message
| Andy Brody (abrody) wrote Re: Make Launchpad DMARC Compliant to avoid Launchpad mail considered spam | #18 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
a60fb26
(Get the code!)
Launchpad is really completely in the wrong here as far as DMARC compliance for its notification email is concerned.
The same rules apply to Facebook, GitHub, and any other site on the Internet. If the user's domain doesn't list you as an authorized sender, you shouldn't be impersonating them with the "From:" address.
Launchpad isn't somehow special here. Launchpad's email notices are indistinguishable from malicious forgery.
I was also very unpleasantly surprised that in addition to violating my domain's DMARC policy, Launchpad is disclosing my private email address despite my having checked the "Hide my email addresses from other Launchpad users" option.