User Tools
- Logged in as: anonymous (anonymous)
- Log Out
mantisbt:reporting_via_email
This is an old revision of the document!
Reporting via Email
Challenges
- Keeping track of who reported an issue.
- Making sure we don't open Mantis to spam.
- Making sure that users don't spoof the email FROM address to impersonate other users.
- Support different types of email formats and protocols (e.g. POP3).
- Making sure a company keeps control on the issues in their bug tracker (i.e. make sure no one can report a single issue that has viagra links). A company doesn't want their customers to login to their bugtracker and find porn and viagra related issues.
Brainstorming
- Support some sort of way to annotate email messages (e.g. setting attributes other than summary, description and project).
- Disallow/allow unknown users from submitting issues
- Unknown users should require a reply validation hash to prevent spamming of the issue tracker.
- The reporting by email feature should be disabled by default.
- Ability to retrieve email messages from POP3 accounts.
- Support for one email account per project or one for all projects.
- Use one dummy account to associate with all emails, in this case the originating email address should be included in the issue description.
- When an event triggers a notification to the reporter of the issue, this should cause an email to be sent to the email address from which the issue was reported. This should be independent of whether we set the reporter as a dummy account or a real account.
- If a user replies to a notification related to an issue, then the new part in the reply should be added as a note. Inline, replies are not supported. Hence, the note will be extracted from the top of the message.
- Erring on the side of caution, if there are inline replies, the entire message should be stored.
- Attachments to emails or replies to notifications should be added as attachments.
- Handle mime/multi-part emails.
- Support looking up a Mantis account based on an email. If an account if found use it, otherwise, there should be an option to reject the email or auto-create the account.
- In the case where there are multiple users with the same email, then we should do the following:
- Filter out the accounts appropriate access to report the issue to the target project.
- Prefer accounts that were used to logged in rather than the ones that never logged in.
- Select the account with least privilege, this is to handle the scenario where a user has an administrator and a developer or manager account.
- When a user reports an error via email, a confirmation email should be sent to the originating email address.
- An idea to avoid spam is to send back an email that requests a certain interaction that the user needs to do. This would probably stop bots but not manual spamming.
- Submissions from unregistered users:
- For unverified email addresses, put submissions in holding queue
- Email address verification through confirmation email or PGP signature (if message was signed)
- Restrict anonymous notes/attachments to the original submitter
- Using a catch-all email address, route email by destination address:
- new@bugs.mantisbt.org - creates a new bug (default project)
- project@bugs.mantisbt.org - creates a new bug in that project, default category
- project.category@bugs.mantisbt.org - creates a new bug in that project and category
- substitute space for underscore character appearing in name, e.g., Feature_Requests becomes “Feature Requests”
- 123@bugs.mantisbt.org - comments and attachments to issue 000123
- permits email conversation by replying to (or CC'ing) 123@bugs.mantisbt.org
- simplifies code for email-to-bugid lookup (performance)
- explicit references handles cases where subject line is changed/removed
mantisbt/reporting_via_email.1165764298.txt.gz · Last modified: 2008/10/29 04:31 (external edit)
