mail
mail copied to clipboard
nextcloud
Avoid BCC fail by warning when nextcloud groups are adressed
It's very useful to be able to put nextcloud groups in the recipients fields.
It would be great to have kind of a warning when nextcloud groups are put in the 'To:' or 'CC' field.
It might seem logical but it's not visible that all mails are listed.
We just had an incident where a big group of people received an e-mail with visible adresses.
Thanks for the great work!!
I'm not sure about this one. I do understand the problem. But that is how cc/bcc work. We could have some kind of tooltip on the abbreviations that explain what those mean for the users that are not so tech savvy. But unsure if that will help with this.
@jancborchardt any ideas?
It seems the issue is not so much that people don’t know what Cc and Bcc does, but rather that they see the group name only, while the recipient sees all the individual mails and names. Yes this is of course how email works, but we could improve the information symmetry here. :)
It might seem logical but it's not visible that all mails are listed.
Right, so at some point didn’t we automatically expand all the group members? So as soon as you selected the group in the dropdown, all members of that group were added? This is quite straightforward. It’s a mess to undo though, but we could have some logic like "when unchecking, remove all the members of that group"?
We could have some kind of tooltip on the abbreviations that explain what those mean for the users that are not so tech savvy.
We did call it "Copy" and "Blind copy" (which was reverted as per https://github.com/nextcloud/mail/issues/2531 though) – this is also how macOS Mail I think at some point called it.
Fair enough.
Right, so at some point didn’t we automatically expand all the group members? So as soon as you selected the group in the dropdown, all members of that group were added?
Nope. Don't think we had that. It was always expanded on the server.
It seems the issue is not so much that people don’t know what Cc and Bcc does, but rather that they see the group name only, while the recipient sees all the individual mails and names. Yes this is of course how email works, but we could improve the information symmetry here. :)
This is exactly why I messed up. :) It won't happen again to me, but I can imagine that other people might make the same mistake.
It would be great to have some kind of visual notification... I find it as an enhancement to data privacy, too.
Nope. Don't think we had that. It was always expanded on the server.
So what do you think about the proposal to expand it in the frontend already?
Ok – then I would say we should do it like that as a first step towards fixing the confusion. :)
I am not in favour of doing it in the front-end. Like it had been said before, it's a mess to undo. But someone might want to add multiple groups to the recipient list and if the would get expanded immediately, there would be no overview of which groups would be addressed. We use the mail feature to share drafts as well. If the groups where expanded before the draft would be saved, a second person wouldn't know what the intended target group of the author was.
I am in favour of the original suggestion to add a warning. This has the added benefit of being able to do 2 things.
- Explain the feature regarding of the expansion of addresses
- Give a warning of the privacy implications as long as there are groups in TO or CC.
I had a banner over or under the recipient inputs in mind, with warning colouring. Saying something like:
The groups will be replaced by the email addresses of their members upon sending the email. All recipients will be able to see all addresses, if you don't move them to BCC.
A button to do so quickly would also be nice:
"Move all groups to BCC"
@SimJoSt sounds good! :) Do you want to submit a pull request for that?
Improved wording:
Groups are replaced by the email addresses of their members when sending. All recipients can see all addresses unless they are in Bcc.
And the warning should show when groups are either in "To" or "Cc", but not when in "Bcc" of course.
@jancborchardt good work on the more concise wording. I like it đź‘Ť Didn't want to invest too much time if the suggestion would have been rejected.
I am not a developer per say, but have quite good and broad understanding of technology and programming. As this will only add to existing code and will borrow from established templates I would classify this as a "good first issue". Still, I won't know if I'll manage or find the time soon. I'll keep it on my radar and see what I can do.
As I am in direct contact with @splashote I might ask him to remind me regularly 🙂
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
![stale[bot] avatar](https://avatars.githubusercontent.com/in/1724?v=4 "Published by a pub.dev verified publisher"){kind=small}
Still, I won't know if I'll manage or find the time soon. I'll keep it on my radar and see what I can do.
Hey @SimJoSt, is this still on your radar? As it's getting stale, perhaps you want to remove your assignment?
It's still on my radar, but I definitively won't be able to get around to it before the middle of August. I'm ok with releasing the issue and picking it back up, if nobody took to to it until I find the time.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.