Bug 700478

Summary:	Adresses has been leaked to spammers
Product:	Gentoo Infrastructure	Reporter:	Mark Nowiasz <mark+gentoobugs>
Component:	Bugzilla	Assignee:	Bugzilla Admins <bugzilla>
Status:	RESOLVED CANTFIX
Severity:	normal
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---

Description Mark Nowiasz 2019-11-18 12:57:36 UTC

I'm using for each site a different email address (in this case: mark+gentoo@nowiasz.de) which I only used for that specific site for a couple of reasons. One of the reason is to detect if my adress has been leaked. 

Well, today I got a spam directed to the address:

----------------8<---------------------------_
Return-Path: <Accounts@hsbc.com>
Delivered-To: mark+gentoo@nowiasz.de
Received: from hsbc.com (hwsrv-638638.hostwindsdns.com [142.11.210.67])
	by jupiter.midworld.de (Postfix) with ESMTP id 8558F9D2287
	for <mark+gentoo@nowiasz.de>; Mon, 18 Nov 2019 12:27:47 +0100 (CET)
From: Accounts@hsbc.com
To: mark+gentoo@nowiasz.de
Subject: PAYMENT ORDER
Date: 18 Nov 2019 03:27:39 -0800
Message-ID: <20191118032739.FD48F0CE4CE01EC3@hsbc.com>
MIME-Version: 1.0
--------------------8<-------------------

So I guess there's a leak somewhere. As stated above, I uses this specific addrress only for gentoo's bugzilla.

Reproducible: Always

Comment 1 Sven Wegener gentoo-dev

2019-11-18 13:27:12 UTC

That's probably your leak: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7ba20123fc43fc66d5151005ae529163ac030db3

Comment 2 Mark Nowiasz 2019-11-18 13:33:01 UTC

(In reply to Sven Wegener from comment #1)
> That's probably your leak:
> https://gitweb.gentoo.org/repo/gentoo.git/commit/
> ?id=7ba20123fc43fc66d5151005ae529163ac030db3

Ah, thanks - that makes sense. Well, fortunately it's easy to a) block the leaked address and b) use another one.

Thanks for the info!