readthedocs / readthedocs.org

The source code that powers readthedocs.org
https://readthedocs.org/
MIT License
7.98k stars 3.57k forks

`Verify Email` link contains phishing (?) link #6134

Closed xobs closed 5 years ago

xobs commented 5 years ago

Details

Expected Result

I received an email that contained the text "To verify your email address and finish setting up your account, please go to: https://readthedocs.org/accounts/confirm-email/...", but the actual link is completely different.

Actual Result

If you click on the link, it takes you to the very spammy-looking URL https://u11967345.ct.sendgrid.net/wf/click?upn=.... My email client flags this as being fraudulent, because the domain name in the link doesn't match the domain name in the address, nor does it match the actual contents of the link.

stsewd commented 5 years ago

Do you have the email of the sender? Did you request the email verification?

stsewd commented 5 years ago

I just tested the email verification. It gives this link, but the actual link is https://u11967345.ct.sendgrid.net/wf/click?upn=gAU4-2Btfh-...

[Screenshot: "Verify your email address" message in Gmail]

> nor does it match the actual contents of the link.

For me it redirects to the confirmation page.

I'll investigate why it links to another domain.

davidfischer commented 5 years ago

This is most likely added automatically by our mail provider to track clicks on links. I don't think we need or want this.

ericholscher commented 5 years ago

I've now turned off all tracking in our email settings. It was previously tracking link clicks and mail opens, which seems like a terrible default :(

stsewd commented 5 years ago

Just checked, it links to the correct domain now.

davidfischer commented 5 years ago

Thanks for the report @xobs and keep up all the good work on Fomu and Novena!
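The mismatch reported in this thread (link text showing one host while the `href` points at a click-tracking host) can be checked on an outgoing HTML body before it is sent. The following is an added example, not part of the issue thread or the Read the Docs code base; the function names, the `tracker.example.net` host and the `PLACEHOLDER` tokens are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.anchors = []
        self._href = None   # None means "not currently inside an <a>"
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    # urlsplit lower-cases the hostname; None if the string has no host part
    return urlsplit(url.strip()).hostname

def mismatched_links(html):
    """Return anchors whose visible text is a URL on a different host than the href."""
    parser = AnchorCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for href, text in parser.anchors:
        # Only anchors that display a URL can mislead about the destination host.
        shown = host_of(text) if text.lower().startswith(("http://", "https://")) else None
        if shown and shown != host_of(href):
            findings.append({"shown": shown, "actual": host_of(href), "href": href})
    return findings

# Constructed sample bodies (assumed shapes, not real mail from the service).
REWRITTEN = ('<p>To verify your email address, please go to: '
             '<a href="https://tracker.example.net/wf/click?upn=PLACEHOLDER">'
             'https://readthedocs.org/accounts/confirm-email/PLACEHOLDER/</a></p>')
DIRECT = ('<p><a href="https://readthedocs.org/accounts/confirm-email/PLACEHOLDER/">'
          'https://readthedocs.org/accounts/confirm-email/PLACEHOLDER/</a></p>')
```

Running `mismatched_links` over a rendered test message after changing mail-provider settings confirms whether link rewriting is still active.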