Bug 71882

Summary: Requiring contributors to send a license statement to the "libreoffice" mailing list opens up phishing and spam opportunities
Product: LibreOffice Reporter: Jeff Fortin Tam <nekohayo>
Component: LibreOfficeAssignee: Not Assigned <libreoffice-bugs>
Status: NEW ---    
Severity: enhancement CC: buzea.bogdan, robinson.libreoffice, xiscofauli
Priority: medium    
Version: unspecified   
Hardware: Other   
OS: All   
Whiteboard:
Crash report or crash signature: Regression By:
Bug Depends on:    
Bug Blocks: 143781    
Attachments: screenshot
the offending phishing email

Description Jeff Fortin Tam 2013-11-21 16:10:52 UTC 
Created attachment 89596 [details]
screenshot

In bug #33600 I was requested to send a license statement to libreoffice@

The problem is that doing so gets you a nice phishing email as a reply. Almost fell for it.

Is there anything the LibreOffice project could do to protect against fraud attempts like these?
Comment 1 Jeff Fortin Tam 2013-11-21 16:13:21 UTC 
Created attachment 89598 [details]
the offending phishing email

This sample mail can be opened with a text editor or imported into a mail client such as Evolution or Thunderbird for inspection.
Comment 2 Robinson Tryon (qubit) 2013-11-24 22:19:07 UTC 
(In reply to comment #0)
> Created attachment 89596 [details]
> screenshot
> 
> In bug #33600 I was requested to send a license statement to libreoffice@

Here's the suggested protocol:
https://wiki.documentfoundation.org/Development/Developers#Developers_and_Contributors_list

> 
> The problem is that doing so gets you a nice phishing email as a reply.
> Almost fell for it.

Sorry about that.

> Is there anything the LibreOffice project could do to protect against fraud
> attempts like these?

It might be considered acceptable for you to send your Contributor's Statement to a private TDF address rather than the public mailing list (e.g. info@documentfoundation.org), however any commits you make will have an email address in them, as will any posts to the mailing lists, so your email address will still be publicly accessible to spammers.

Any suggestions on how we might beef-up our defenses here?

Status -> NEW
(This is an enhancement)
Comment 3 Tae-Wong Seo 2013-12-03 10:29:56 UTC Comment hidden (obsolete)
Comment 4 Robinson Tryon (qubit) 2013-12-03 16:04:18 UTC Comment hidden (obsolete)
Comment 5 Timur 2020-08-02 13:12:59 UTC 
Xisco please see this one.