The email code doesn't update the image. October 16, 2007 7:43 AM   Subscribe

The new graphic email code is broken.

My original email was listed as something weird, but I've lost it in my subsequent changes, and it wasn't cached anywhere that I can find. It was something pretty close to:

"m;eta!^filter at m&al_or dot cawm (remove all punctuation, fix cawm)"

which seemed to work nicely for spam prevention: I wasn't, for instance, wendelled.

The new code breaks on that text. It appears you are assuming a well-formed email address, which is a bad idea when the field will accept anything, and so many people have obfuscated their addresses.

Further, it won't update, so that even though I've put a 'proper' email in the field, it's displaying the same broken image.

In case it updates on its own, I've put the broken email image here.

I would prefer to see this returned to the old method, just with a warning to obfuscate email addresses. OCR is very easy to do on such a regular image, and I don't want to be wendelled, but I DO want to get email from people who need to reach me.
posted by Malor to Bugs at 7:43 AM (215 comments total)

Bigger problem: There's no security on those images restricting them to members. Anyone can go directly to the image path (they aren't hard to guess) and see the addresses, whether or not they're logged in.
posted by Partial Law at 7:55 AM on October 16, 2007


Heh. Even if you disagree with Malor's other criticisms, the guessable URLs really need to be fixed soon.
posted by Aloysius Bear at 8:07 AM on October 16, 2007


Hm, yeah, there should be a check on the images so that they're served only to people logged in.
posted by Tuwa at 8:11 AM on October 16, 2007


It apparently takes awhile to regenerate the image: I just changed my email address; it told me my changes were saved; re-editing my profile shows that they *were* saved; the image is the same.

Matt, Is the image generation on a cronjob. Just curious how long it takes.
posted by Tuwa at 8:15 AM on October 16, 2007


I like the way the ExpressionEngine, a CMS package, handles emailing users. Once you're logged in, you click on the email link in a user's profile and are presented with a form for emailing the user. The actual email link does NOT show the user email ever, whether you're logged in or not, nor does the sender ever see the recipient's email. If you're not logged in, you're presented with the option to login or register. I don't think the form checks for whether the email actually exists though. Doing anything similar here sounds like a major coding job though.

After the wendell episode, I stopped listing my email address in my profile and made up a contact form, which I link to on my profile homepage.
posted by Brandon Blatcher at 8:21 AM on October 16, 2007


Yeah; mine appears to have the "@______.net" part stripped out as well.
posted by yhbc at 8:29 AM on October 16, 2007


Wth? When did we get this? What was wrong with the previous way? Anyone have a link to the MeTa thread where this came up? I've seen the wtf wendell thread but assume this is announced elsewhere.
posted by dobbs at 8:32 AM on October 16, 2007


I'm pretty sure this would have been implemented sometime in the last few days, and I don't remember seeing an announcement about it either.
posted by Malor at 8:37 AM on October 16, 2007


Nitpicky but the font used in the image creation is jarringly different than the rest of the page.

Also it has broken the suggestion I had to herrdoktor to have the FPS server login info in his email field.
posted by Mitheral at 8:40 AM on October 16, 2007


A few things:

- The old way of just replacing the @ and . symbols was incredibly easy to scrape. I can barely program and I could have written an email harvester for mefi in about ten minutes.

- For people with fake emails in their profile, they can't get their password emailed to them. We're redoing the entire user system and will be requiring working emails for a lot of it (like password changing via form, optionally emailing you when someone adds you as a contact, etc). So, we instituted an email authentication system to ensure no more fake emails get into the db.

- images are much less easier to scrape than simple text. The chances that someone would pay for a login, then write an OCR bot, then suck down thousands of profiles in order to get emails seems laughable to me.

- bottom line is that this is better than what we had before, but we can do better. I'll instead propose wiping out email entirely, and going with a contact form (with a CAPTCHA to prevent bot spam).
posted by mathowie (staff) at 9:10 AM on October 16, 2007


Also:

- this has nothing to do with Wendell emailing anyone. Wendell is a human and not a bot, so I'm sure he could figure out Malor's email no matter how obscure he got with it. This is all about how to let members contact each other without exposing us to additional spam, and a non-scrapable image seemed a lot better than simple text.
posted by mathowie (staff) at 9:12 AM on October 16, 2007


Wendell is a human and not a bot

That's what you think!
posted by ThePinkSuperhero at 9:22 AM on October 16, 2007 [6 favorites]


I just removed emails entirely from all profiles and we'll do a contact from instead today (and delete all the created images). It was better than what we had before but it can be improved upon.
posted by mathowie (staff) at 9:22 AM on October 16, 2007


Matt,

You're wrong, it's ALL about Wendell. His energy surrounds us and binds us. Luminous beings are we, not this crude matter. You must feel the Wendell around you; here, between you, me, the tree, the rock, everywhere, yes. Even between the land and the ship.
posted by Brandon Blatcher at 9:23 AM on October 16, 2007


Please, no feeling Wendell during work hours.
posted by blue_beetle at 9:25 AM on October 16, 2007


I HAVE A WENDELL. IN MY PANTS.
posted by quonsar at 9:40 AM on October 16, 2007 [3 favorites]


...and I don't want to be wendelled

6/15 NEVAR FORGET
posted by mullacc at 9:45 AM on October 16, 2007 [2 favorites]


Matt do you think you could eventually have a free form text field that is only visible to logged in members? Something like the "blurb about you". People could put an obfuscated email address in there if they wanted or other stuff like the FPS password.
posted by Mitheral at 9:47 AM on October 16, 2007 [1 favorite]


Seconding Mitheral's idea for member only text field or area.
posted by Brandon Blatcher at 9:51 AM on October 16, 2007


Matt do you think you could eventually have a free form text field that is only visible to logged in members?

Nope, instead we'll be doing an in-mefi messaging system, kind of like flickr's, so you don't need to know anyone's email.

For weird gaming servers, I'd say just put it in the about me field.
posted by mathowie (staff) at 9:54 AM on October 16, 2007


Wendell is a human and not a bot

I'm guessing you've never seen him dance.
posted by Alvy Ampersand at 10:16 AM on October 16, 2007


Wendell is a human and not a bot, so I'm sure he could figure out Malor's email no matter how obscure he got with it.

Well, of course, but the idea is that it can't be automated; if he wants to blast 20,000 emails, he can, but he has to work a little harder to include me. If he's willing to put in that much effort, I can live with the email. (if I couldn't, I just wouldn't list anything.)

OCR can be automated; de-obfuscation mostly requires a human.

Your ultimate solutions sound like they'll work fine, and I'm glad it's an ongoing thing. This interim step ... um, well, it's not too great.

One simple way to deal with the problem would be to have separate fields for public and private email addresses. PHPBB does it that way, seems to work fine. The existing field can be the public one.
posted by Malor at 10:18 AM on October 16, 2007


On a related note, we're now requiring email verification when you change your email address in your profile. Click Preferences in the header to check it out. From there click "change email", and your address will be updated after you verify that it's a real, working address. Going forward this will help with password recovery and internal messaging like matt mentioned.
posted by pb (staff) at 10:20 AM on October 16, 2007


Wendell is a human and not a bot

Wendell never says yes, he just says "Affirmative".
posted by inigo2 at 10:21 AM on October 16, 2007


If he's willing to put in that much effort, I can live with the email. (if I couldn't, I just wouldn't list anything.)

Maybe he'll only email you. That would be even easier.
posted by smackfu at 10:37 AM on October 16, 2007


password changing via form

Heresy!

Next thing you know we'll have nested comments, karma, embedded midi, and flash ads. The end is near!

(You heard it here first, folks)
posted by ODiV at 10:42 AM on October 16, 2007


Wendell is a human and not a bot

Gentlemen, we can rebuild him: we have the technology.
posted by Blazecock Pileon at 10:47 AM on October 16, 2007 [1 favorite]


Cool, Matt and pb, that stuff would be really useful.
posted by Brandon Blatcher at 10:56 AM on October 16, 2007


Nope, instead we'll be doing an in-mefi messaging system, kind of like flickr's, so you don't need to know anyone's email.

Is this mockup still relevant? ? mathowie for taking this step, don't get drowned by the flood of haterade!
posted by prostyle at 10:57 AM on October 16, 2007


IN-MEFI messaging?! I'm so excited!!
(I don't know if I will use it, but it sounds exciting!)
posted by typewriter at 11:09 AM on October 16, 2007


People who don't want to get unsolicited emails from other MeFi users should not list their emails in their profiles. Period. Those who do want to get unsolicited emails from MeFi users should not complain when they get too many.

It surprises and disgusts me that people here are still trying to come up with technological solutions to prevent another Wendell Incident. It was a mildly funny and remarkably brief event. According to my archives, there were 31 emails in 6 hours, and then six days later there were 3 more in the space of 30 minutes. This is why we're making it harder for us to email each other?
posted by Plutor at 11:17 AM on October 16, 2007


(An in-MeFi messaging system, especially if it's made in the mold of Flickr's, is harder. Flickr sends me emails, which I can't reply to. I have to go to their site and hit reply. Please, Matt, if you make a form, please do it the way Brandon Blatcher suggests.)
posted by Plutor at 11:19 AM on October 16, 2007


My edress is gone.
posted by Cranberry at 11:26 AM on October 16, 2007


Yeah, it's pretty sad when sites think they can't get you to visit unless they force you.

Classmates.com has made this into an art form, because even when you visit, you can't see the stuff unless you pay.
posted by smackfu at 11:36 AM on October 16, 2007


eBay does this form thing right. The sender has the option to reveal or hide their email address and doesn't get access to the receiver's address even if they elect to get sent a cc. The cc to self is something I'd like the form to support especially.
posted by Mitheral at 11:43 AM on October 16, 2007 [1 favorite]


*makes note to self: 'send prostyle some haterade'*
posted by quin at 11:50 AM on October 16, 2007


Plutor, this has nothing to do with wendell, it's about keeping spammers as far from your actual email address as possible. A move to an in-site message system is to enable member-to-member communication without having to resort to actual emails, nor would you ever have to share your email with others.

The expression engine contact form is a half-solution requiring that both the sender and the receiver want to share their email addresses with each other and that both emails are working.
posted by mathowie (staff) at 11:53 AM on October 16, 2007


*shrug* I dunno 'bout the rest of y'all but my spam filters work just fine. I even have my email address en clair in a few places without being behind login.
posted by juv3nal at 11:53 AM on October 16, 2007 [2 favorites]


Can I please have a "show all profile details to everyone - even non-members" option? Hopefully with non-obfuscated emails?

Frankly I would rather just have it be fully public. I list my full, unobfuscated main email many places, and I rarely have any problems with spam. Gmail rocks, in that regard.

Granted, I just list some contacts in plaintext in the profile page anyway, but I'd prefer it if I didn't have to clutter my page with redundancy.
posted by loquacious at 11:56 AM on October 16, 2007 [2 favorites]


My edress is gone.

Mine is gone as well, though it still shows up in edit profile and the box is checked next to display.
posted by 6550 at 11:58 AM on October 16, 2007


6/15 NEVAR FORGET

15 - that's one of the Seussian months, Blumblurary or Newtober, right?
posted by bonehead at 12:18 PM on October 16, 2007


Cranberry and 6550, they're working on it.
posted by ALongDecember at 12:20 PM on October 16, 2007


15 - that's one of the Seussian months, Blumblurary or Newtober, right?

Are you making a date format joke? Because those are hilarious.
posted by mullacc at 12:26 PM on October 16, 2007 [3 favorites]


That's kinda weird, the verification email doesn't come from mefi.
posted by philomathoholic at 12:30 PM on October 16, 2007


6/15 NEVAR FORGET

Was it that long ago? I forgot.
posted by maxwelton at 12:35 PM on October 16, 2007


That's kinda weird, the verification email doesn't come from mefi.

and why does it want my bank details, PIN and mother's maiden name? And who is wendell@wendell.com...?
posted by patricio at 12:36 PM on October 16, 2007


Hush, it's just a jokemail.
posted by Brandon Blatcher at 12:53 PM on October 16, 2007


People who don't want to get unsolicited emails from other MeFi users should not list their emails in their profiles. Period. Those who do want to get unsolicited emails from MeFi users should not complain when they get too many.

From MeFi users is one thing, but there are many email-address harvesters out there. I don't know if they've ever hit MeFi, but let me tell you, they certainly do poll the rest of the web. I recently used a real email address in a submission to Debian Bugs, and I got a freaking avalanche of spam after that... even with all the multilayered protections I have, I still was seeing some. (jumped over a few days from 100ish to 400ish attempts a day.... 3 or 4 every day were getting through, where previously I'd gone months with maybe 1/week.)

It's just not a good idea to display your email address in a computer-parseable form. This image code thing is one way to try to avoid spam harvesters, but it's not terribly secure, and it breaks with the existing data, which is a bit of a head-scratcher. Adding a second field for 'real' email, and using the existing field as a public one, would have solved 99% of the spam problem in one shot, without breaking anything at all. From there, they could have implemented whatever other functions they wanted.

As is, if you obfuscated your email in any particular way, it doesn't show at all now.
posted by Malor at 1:44 PM on October 16, 2007


Here, I'm just going to post it again, just because:

MY EMAIL ADDRESS IS: jason23@gmail.com

Say hello to my spam-folder, harvester-bots!

Otherwise, feel free to email me. I don't get enough email from MeFi to really be worried about it. It's a very small fraction of my inbox, as I'm on about 20 high traffic arts-and-culture type lists, so a hundred or so emails in a day isn't unusual.

Again, I would appreciate an option that just sets my profile to "viewable by all" - members or not.
posted by loquacious at 2:01 PM on October 16, 2007


Malor, asking users for two email addresses is crazy and no sane easy-to-use system I am a part of has that option. I seriously doubt that it would simply solve "99% of the spam problem". I'm hiding emails until we finish the messaging system, which is progressing nicely and should be up and working in the most basic ways in a day or so.

The smartest spam-free system doesn't ever show your email address to anyone, and that's what we're shooting for here.
posted by mathowie (staff) at 2:06 PM on October 16, 2007


You mean MeFites will only be able to contact each other through this "messaging system"? No more e-mail at all? What if we forget to check the new system? Will it be obvious we have a message even if we don't visit our userpage (which I don't do for weeks at a time sometimes)? Like loquacious, I like getting mail from MeFites, and I don't like the idea of someone having something to say to me and not being able to reach me.
posted by languagehat at 2:18 PM on October 16, 2007


Malor: "From MeFi users is one thing, but there are many email-address harvesters out there. I don't know if they've ever hit MeFi, but let me tell you, they certainly do poll the rest of the web."

Correct me if I'm wrong, but before today, only other MeFi users would see your email address at all. Would a spammer spend five dollars on an email list on the order ot ten-thousand or so when they could easily get a billion for $6? (Which probably already includes half of the addresses here, mine included.)

loquacious: "Here, I'm just going to post it again, just because"

Thank you loq. My email address is log@plutor.org. Any emails that get through my bayesian filters (from the size of my spam folder lately, it looks like about one in a thousand) will just make those filters better. Any spammer that eventually circumvents the bayesian technique will just lead to better filtering techniques. I'd rather make it easier for real people to figure out how contact me and put the technological solution on my end, then make it a proprietary pain in the ass for them, and only a hair more difficult for the spammers.
posted by Plutor at 2:34 PM on October 16, 2007


Matt, can you please allow us to opt-out of the magic MeFi messaging form?
posted by Plutor at 2:35 PM on October 16, 2007


I like having emails in profiles.

Perhaps a simpler solution to the spam problem would be to hide email addresses by default but allow each user to see, say, one or two other users' email addresses per day.

Some tasty AJAX goodness would mean this would take only one more click to see someone's address than the current system. This seems to have all of the spam-killing advantages of the proposed mefi-mail system, with none of the extra effort for users. Collecting a list of users' emails of a worthwhile size for spamming would take years of effort — and could easily be prevented by adding another limit, like ten or twenty email addresses accessed per month.
posted by Aloysius Bear at 2:36 PM on October 16, 2007


What if we forget to check the new system? Will it be obvious we have a message

It will look like this, and be pretty obvious that you have a message waiting for you.

Anyone that wants to keep getting normal email is free to put their email address in their about me section.
posted by mathowie (staff) at 2:40 PM on October 16, 2007


It'd be cool if there was an AOL-like "You've got Metamail!" sample when bringing up the site.
posted by Blazecock Pileon at 2:49 PM on October 16, 2007


You've Got Meh-l.
posted by brain_drain at 2:52 PM on October 16, 2007 [1 favorite]


Now I'll just feel sad everytime it shows a "0" next to that little envelope.
posted by liquorice at 3:11 PM on October 16, 2007 [2 favorites]


Thanks for the pony Matt. I'd been thinking about creating an email address for Mefi only communications, but I'm glad I won't have to now. Hopefully this will reduce in thread flaming, bickering, and Meta callouts rather than exacerbate them. Hmmm.... you might want to implement a way to ignore or reject messages from specific users now though. If you wait I'm sure there are going to be some admin hassles related to death threats and bickering between users.
posted by BrotherCaine at 3:13 PM on October 16, 2007


yeah an "ignore mail from this user" is pretty much the first feature after sending and receiving is built.
posted by mathowie (staff) at 3:31 PM on October 16, 2007


Woah. Look at those pretty little boxes on the taglines. Edit? Delete? IP addresses?

*trembles with fear and excitement*
posted by loquacious at 3:38 PM on October 16, 2007


little boxes on the taglines
And they're all made out of ticky-tacky and they all look just the same.

posted by kirkaracha at 4:10 PM on October 16, 2007 [2 favorites]


Damn you Kirkaracha, I'm going to have that stupid tune in my head all day.
posted by BrotherCaine at 4:47 PM on October 16, 2007


I like metamail already. Nice screenshot Mathowie.
posted by special-k at 4:55 PM on October 16, 2007


Would a spammer spend five dollars on an email list on the order ot ten-thousand or so when they could easily get a billion for $6? (Which probably already includes half of the addresses here, mine included.)

Oh, absolutely. Those billion name things are worthless; most of the emails are bad, and there's lots of spamtraps, so using those lists is pretty much a loud announcement, "Hi, I'm Joe Sleazy Spammer!". This gets you shut down fast.

MeFi addresses, on the other hand, are likely to be spamtrap free and have a high working percentage. 5 bucks and a day of processing time is nothing to these guys, and if they sell just one thing, they'll break even; if they sell two, it's profit. These would be only medium-quality emails: they would mostly work, but wouldn't have real names attached. But they can still be sold to spammers and, since they can sell the same addresses a number of times, a harvester could make a reasonable profit without ever sending a single email him- or herself. Then the spammers start swapping and/or selling names amongst themselves, and the address percolates out into the mainstream, and eventually onto the gazillion-name CDs.

In reality, MeFi names probably wouldn't result in many sales, because the MeFi population is so intelligent, but spammers just work the percentages. If the emails work and don't result in instant spam complaints, they have value.

mathowie: the workaround of just hiding the email does work. And I checked several sites where I thought they used the double-email thing, and they don't, so I will retract that suggestion. Yours is better anyway; if it's not displayed at all, there's zero chance of harvesters getting it. I did think public/private emails would work better as an interim step, but if it's only a few days anyway... eh, not worth worrying about it.
posted by Malor at 5:01 PM on October 16, 2007


*trembles with fear and excitement*

itym *vorEhrfurchtErzitter*
posted by cortex (staff) at 5:26 PM on October 16, 2007


mathowie writes "It will look like this, and be pretty obvious that you have a message waiting for you."

Where should I be looking on this image?
posted by Mitheral at 5:36 PM on October 16, 2007


fuckyou@eatshit.com
posted by quonsar at 6:03 PM on October 16, 2007


Damn you Kirkaracha, I'm going to have that stupid tune in my head all day.

Sorry, BrotherCaine. If it makes you feel better, I started with "*composes death threat to BrotherCaine and waits patiently...patiently...*" before seeing loquacious' comment when I previewed.
posted by kirkaracha at 6:07 PM on October 16, 2007


Where should I be looking on this image?

Upper right corner. Little "mathowie" and envelope thinger.
posted by marble at 6:29 PM on October 16, 2007


Ah.
posted by Mitheral at 6:35 PM on October 16, 2007


yeah an "ignore mail from this user" is pretty much the first feature after sending and receiving is built.

So it's sort of like killfiles then?
posted by jessamyn (staff) at 6:49 PM on October 16, 2007


oh snap
posted by killdevil at 7:07 PM on October 16, 2007


Oh god, PMs. Great. I anxiously await avatars and signatures. And then smileys. Because that's what metafilter needs.
posted by Rhomboid at 7:19 PM on October 16, 2007


Why do people not put email in their profiles? Because they don't want their box filled with messages. Why don't they put their actual emails in profiles? Because they don't want their box filled with spam. This solves both. This is progress, not a change in how the content of the site is presented.

Though Matt, you should allow people to turn off private messaging in case they never want the site to change ever.
posted by ALongDecember at 7:33 PM on October 16, 2007


I'll get an email telling me I have memail, no? Or a buzzing on my genitalia or something?
posted by and hosted from Uranus at 7:41 PM on October 16, 2007


Also will cortex be reading my private cyber sessions with ortho?
posted by and hosted from Uranus at 7:45 PM on October 16, 2007



Also will cortex be reading my private cyber sessions with ortho?


He will have to because I won't touch 'em.
posted by jessamyn (staff) at 7:48 PM on October 16, 2007 [1 favorite]


Uh, Matt, could you put the emails back onto profiles for logged-in users, at least until you roll out whatever you're going to roll out? I just went to someone's profile to send them an email, and noticed they're gone. Is there some Clear and Present Danger at the moment of which we're unaware?

Why do people not put email in their profiles? Because they don't want their box filled with messages. Why don't they put their actual emails in profiles? Because they don't want their box filled with spam.

Bah. I've been on this site for almost exactly 7 years now, and I have never gotten a single piece of non-wendell spam -- and until maybe 6 months ago I had a dedicated email account for this site only, so I'd've been able to tell.

Over the years I have received maybe, on average, a couple of emails a month from other users who got my email address from my profile (which has been private to nonmembers for years).
posted by stavrosthewonderchicken at 7:48 PM on October 16, 2007


I see the extraneous possive "s" has been fixed in user profiles that end in "s" already. Must have slipped by me somehow.
posted by edgeways at 7:51 PM on October 16, 2007


If I understand this correctly, I really don't like it. In a general sense, email is a universally accepted standard for electronic messaging, and there's a huge array of tools out there to help people deal with it efficiently. Specifically:
  • Users will have to visit MeFi regularly to check for messages. What if a user wants to contact, say, MiguelCardoso about something he wrote years ago, but Miguel no longer visits the site? You might answer that this is a feature not a bug, since users that no longer visit the site won't be subjected to messages from it, but in the unlikely event that massive unsolicited email from MeFi fans were actually a problem, we can already fix it by simply removing our emails from our profile pages. And at least that way we have the choice of not visiting the site, but still remaining accessible to the nice, smart people here who might have a legitimate reason to contact us. This is an example of the general software design question of polling versus interrupts, and as anyone who's done GUI or network programming can tell you, the solution is generally to poll a single event loop that all signalers use. In the case of electronic messaging, that's checking the email inbox.
  • Similarly, if someone contacts you about something that's time sensitive, I know that I, at least, check my email inbox (even) more often than I check MeFi.
  • You'll lose all the functionality that email clients provide, such as attachments, offline access, filtering, searchability, etc. To which you might answer that people can just exchange email addresses via this system if they want that stuff, but, while I don't claim to be a usability expert, it seems much more useful to me to simply encourage email so that people get that stuff by default.
  • There's privacy issues. People may end up disclosing personal stuff in these messages, and do we or you really want that residing permanently on your server? Of course, a similar problem exists with anonymous AskMe's, and you might argue that people simply shouldn't use the system to communicate info they don't want on your server, but one difference is that many MeFites know each other to some extent offline, and just because you don't submit private info about yourself using messages doesn't mean that someone else won't.
  • At various times in MeFi's history, the server has been less than stable. This could make those moments even more annoying.
Basically, email already works well for this category of problems. Don't reinvent the wheel. I don't know whether the past measures were sufficient to keep my email address from being harvested via this site, but regardless, spam is a known problem, and my own Gmail spam filter works quite well. I really don't think that's a compelling enough reason to do this.

That said, if you insist on implementing this, please provide the option of letting people simply forward all their messages to their email, instead of (not in addition to) storing them on the server (so that people don't have to come over here and mark messages as read every time they read one via email).
posted by gsteff at 7:55 PM on October 16, 2007 [7 favorites]


Ooh, I agree with everything gsteff just said.

And not just because I may want to still send a drunken email to Miguel, BlueTrain, shane, or any number of other formerly-active MeFites.
posted by yhbc at 8:08 PM on October 16, 2007


mathowie writes "Anyone that wants to keep getting normal email is free to put their email address in their about me section."

I just went to do this and found it's already there. Beauty. I'm guessing when I was having trouble getting my password reset I de-obfuscated the email field and then marked it private while adding the obfuscated string to the about field.
posted by Mitheral at 8:11 PM on October 16, 2007


I hate it when ebay and flickr send me an email to tell me I have a website message that I can't interact with in email (it not only redundant, it's annoying).
^^ This

Also: when this internal thing rolls out, I promise to send heartfelt and laboured-over messages to everyone who pings me. Can't have a 0 beside that envelope, no way.
posted by bonaldi at 8:22 PM on October 16, 2007


gsteff, put your email address in your about me section. if you want it member-only, stick it in gender or occupation, since only members see that.

Everyone else will get to interact with the site without having to expose their email to the world.
posted by mathowie (staff) at 8:30 PM on October 16, 2007


I like the idea of a contact form that sends me email from other users without necessarily revealing my email address to them. But that's what I have email for. Adding PMs to the site doesn't really help enable communication, it just gives me one more place I'm not checking for messages on top of the 98 dozen other places I'm not checking for messages.
posted by jacquilynne at 8:30 PM on October 16, 2007


Welp, sounds like the decisions have all been made already, but I'd like to add my support to gsteff's comments, particularly when it comes to contacting inactive members. I can think of several times when I have been alerted via email to important/interesting stuff happening on forums I have not visited in years. I like the idea of some sort of PM system, but surely if people have chosen to display an email address here at MeFi they are aware of the potential for spam and are willing to deal with that. It seems awfully presumptuous to remove displayed addresses from all users automatically, including thousands who will never even realize it has been removed.
posted by Rock Steady at 9:12 PM on October 16, 2007


Rock Steady, the problem is that we can't have it both ways with regards to email addresses. We must have working email addresses so that people can fetch their password or change it. Those same people frequently obsfucate their address purposely (like Malor here in the original post) and that breaks any actual communication that the server needs to do with a user. So if we all have real working email addresses, we won't have to worry about spam if they are never exposed to the public.

When I find a long inactive member on another forum that I want to contact, I usually follow their personal website URL listed and find a contact/about page there.
posted by mathowie (staff) at 9:22 PM on October 16, 2007


My email address is my username at Gmail.

I'm going there now to watch my inbox fill up.
posted by timeistight at 9:26 PM on October 16, 2007


mathowie, I hear you, and you gotta do what you gotta do, but it just feels wrong to me to delete a portion of someone's profile without asking them. I'm not cutting off my hand over it or anything, I just thought I'd respectfully register my opposition to the change, necessary as it may be.
posted by Rock Steady at 9:34 PM on October 16, 2007


We must have working email addresses so that people can fetch their password or change it.

Okay, require everyone to provide you a working email address.

So if we all have real working email addresses, we won't have to worry about spam if they are never exposed to the public.

This does not follow. If anyone doesn't want to expose their email address to the public, let them tell you that.

What exactly am I missing here?
posted by yhbc at 9:36 PM on October 16, 2007


gsteff, put your email address in your about me section. if you want it member-only, stick it in gender or occupation, since only members see that.

So we have the choice between putting out there where everyone, logged-in or not can see it, or putting it in the gender or occupation fields? Seriously?

mathowie, I hear you, and you gotta do what you gotta do

I'm having some trouble figuring out why this is suddenly necessary.

When I find a long inactive member on another forum that I want to contact, I usually follow their personal website URL listed and find a contact/about page there.

And if they don't have a website, or don't list any of their email addresses anywhere on their site if they do have one?

I just don't get it.
posted by stavrosthewonderchicken at 9:36 PM on October 16, 2007


edgeways: "I see the extraneous possive "s" has been fixed in user profiles that end in "s" already. Must have slipped by me somehow."

It wasn't extraneous, it was Elementary Rule Number 1.
posted by Plutor at 9:37 PM on October 16, 2007


That said, if you insist on implementing this, please provide the option of letting people simply forward all their messages to their email, instead of (not in addition to) storing them on the server (so that people don't have to come over here and mark messages as read every time they read one via email).

This would be acceptable, once this new private messaging functionality is rolled out. Until then, I'd repeat my request to please unhide email addresses on our profiles.
posted by stavrosthewonderchicken at 9:44 PM on October 16, 2007


This does not follow. If anyone doesn't want to expose their email address to the public, let them tell you that.

What exactly am I missing here?


It's 2007. It's stupid that MeFi would require you to expose your personal email address if you ever want to hear from other users. A distinct minority enable it and of those that do, at least 1/3 of their email addresses are invalid purposely to obscure the actual address. It's a broken system.

I should have done this five years ago. It's a change, but it's a good change. Very few sites ask me or even allow me to display my email (flickr, delicious, twitter, etc) and instead offer other ways to leave a message for another fellow user and it works a lot better IMO.
posted by mathowie (staff) at 9:49 PM on October 16, 2007


Chalk me up with The Not Getting Its.
Playing at an airport lounge near you, soon!
posted by Alvy Ampersand at 9:52 PM on October 16, 2007


It sounds like there are two pieces of information being discussed here: 1. an actual working valid email address needed for admin purposes, and 2. some information users have chosen to put in a field titled "Email" in their profile. I can see why it makes things difficult for the admins that 1 and 2 are not always congruent, but I don't see why they have to be. That said, my understanding of servers and databases and website administration is pretty minimal, so take my difficulties with a grain of salt.
posted by Rock Steady at 10:05 PM on October 16, 2007


I should have done this five years ago. It's a change, but it's a good change.

Yeah, sez you!

Very few sites ask me or even allow me to display my email (flickr, delicious, twitter, etc) and instead offer other ways to leave a message for another fellow user and it works a lot better IMO.

Metafilter is a different sort of site than the ones you quote, a site that is built on interactions between people. You can call it a weblog all you want, but it's not. It's all about people interacting.

Flickr is about pictures, and whatever hit and run interactions and conversations happen around them. It does, in the sense that it's built in a way that allows people to band together around common activity, bear some social similarities to Metafilter. But my two cents on their PM system: I visit Flickr once every couple on months, maybe, and the backlog of Flickrmail annoys the piss out of me, and probably annoys people who've sent it, because they waited so long for reply.

Delicious is a bookmarking site. There's nothing even remotely similar to the way people use Metafilter. Apples and oranges.

Twitter is freaking goofy, but that's beside the point. I dunno what the hell it is -- an ADD presence-stream look-at-me teflon wankfest, I dunno -- but again, it is nothing like what Metafilter is, which is a virtual place in which people gather to look at neat shit and discuss it, or engage in shared activity that builds a sense of community. To have conversations that, as shown by the burgeoning meetup schedule, people often want to continue offsite.

Keyword: OFFSITE.

The fact that some (some, and your examples aren't great -- you'd be better choosing a BBS web app rather than the Web2.0 social network posterchildren, because Metafilter's not like them) sites do not give users the option of exposing an email address to other users is no reason that Metafilter should not do so.

Pretty much every site I know of that has personal messaging at least allows the option to forward that stuff to your email, whether that email is 'exposed' or not.

It's stupid that MeFi would require you to expose your personal email address if you ever want to hear from other users.

For years, it's been revealed only to other logged-in users. Has anybody ever (other than wendellian hijinx, once) received any spam as a consequence? I'd suggest no, if my experience has been any guide.

Saying it's stupid doesn't make it stupid. It would be trivial to require a verifiable email for signup, unexposed, and a option once registered to a) not reveal any email address at all b) reveal that signup email to other users (as we have now) on your profile or c) optionally enter and reveal a secondary email address to other users. Done like dinner. Two extra db fields, two form fields, one for the boolean choice of allowing user-contactability, and one for that user-exposed email address, if it's going to be different from the signup email address.

Is there anybody who doesn't have half a dozen email addresses for different purposes in these days of free webmail accounts?

I dunno Matt, maybe you're not getting how this feels like the kind of predatory User Lock-in tactic that companies like Yahoo specialize in. I'm reasonably sure that's not your intention, but that's the feel of it, to me at least.
posted by stavrosthewonderchicken at 10:19 PM on October 16, 2007 [3 favorites]


And because I maybe wasn't clear -- personal messaging? Hell yeah! Bring it on, with thanks.

But allowing the option for other people to see an email address of your choosing, without it being some kind of kludgy workaround like putting it in the 'gender' field of your profile, seems very much in keeping with how this site should work.

And allowing an option to forward PMs directly to an email address of your choosing and marking them read in the process would also be a good thing, but thinking about it, how one might then respond to those PMs without having to go back to Metafilter, I don't quite know.

Ah well. My 72 bits.
posted by stavrosthewonderchicken at 10:24 PM on October 16, 2007


I like having email addresses in profiles too. I also like the idea of using Gmail as a honeypot for spambots, so I've just put my address in my "about me" box in plain text. As long as Matt doesn't stop anybody from doing that, I don't mind what else he gets up to.
posted by flabdablet at 10:34 PM on October 16, 2007


FWIW, I'd also like the public email field, visible only to those logged in, but it's not that big a deal. I can put the obfuscated version in the regular notes.

I'd prefer a specific field for that, but I can live without it.... I suspect my obfuscation is probably safe on a public page.
posted by Malor at 10:37 PM on October 16, 2007


I dunno Matt, maybe you're not getting how this feels like the kind of predatory User Lock-in tactic that companies like Yahoo specialize in. I'm reasonably sure that's not your intention, but that's the feel of it, to me at least.

I'm kind of surprised to hear weird backlash on this because a heck of a lot of users were asking for it for the last 8 years, specifically because they didn't want to have to share their email addresses with the world.

Here are 130 results for "private messaging" mentioned in previous metatalk posts, including several recent ones.

I'm not trying to be Yahoo here and introduce lock-in, I'm trying to let people keep their private contact info private but also allow for member-to-member communication in a way that's easy.
posted by mathowie (staff) at 11:01 PM on October 16, 2007


I'm not trying to be Yahoo here and introduce lock-in

Like I said, I didn't think you were, really, but it's got that kind of feel, if you know what I mean.

because they didn't want to have to share their email addresses with the world.

But I don't understand this, again, because they don't. They share their email address (optionally, if they add an email to their profile, any email address at all) with logged-in Metafilter users only. Is this just a user education issue?

I understand that you want to have a real, unobfuscated email address from everyone in order to enable password-changing and possibly other admin functions. That's sensible.

But what I suggested above, allowing three possibilities (while requiring a totally private email address for signup/admin contact):

1) default: share no email with other users (not the world, same as now)
2) share signup email with users (tickbox 'Show this address to other users')
3) share an optional secondary public address with users (tickbox 'Show a different email to other users', textbox for public email)

would seem to satisfy all variations on contact options, and not interfere in any way with your planned PM functionality.
posted by stavrosthewonderchicken at 11:15 PM on October 16, 2007


Again, two emails in your profile? How confusing is that? I doubt more than a dozen people would use that feature. A simple message system will be used by a heck of a lot more people and be easier to explain.

Honestly, it feels like most of the criticism here is simple fear of change. I should have done this five years ago and I know everyone's gotten used to the old school way things are done here, but it's about time we finally moved into the previous century with this new feature.
posted by mathowie (staff) at 11:23 PM on October 16, 2007


mathowie: the problem is that we can't have it both ways with regards to email addresses.

WHAT
THE
FUCK
ARE
YOU
SMOKING
MATT?

You can definitely have it both ways. Implement the PM system, and also have a set of radio buttons to expose your email to [Nobody, Members, Everybody]. You don't even need to do the image thing, really.

I LIKE getting impassioned emails from the likes of SCDB and having long off-site conversations, it makes me feel all warm and fuzzy about the community. Really. It's wonderful, and you don't get that other places.
posted by blasdelf at 11:24 PM on October 16, 2007 [3 favorites]


I would like to receive mail from users who wish to contact me.
I would not like to place my email address in a profile that 30-something thousand users can see.
Therefore I do not make my email address available to anyone.

I agree with the lock-in assessment of other sites, but I would not be inclined to consider such a decision by matthowie on the behalf of MeFi users to be anything approaching "predatory". Giant Conglomerate X's decisions are sure to differ from Mr. Matthew Howie of 123 Main St., Mytown USA... or am I being naïve?
posted by loiseau at 11:27 PM on October 16, 2007


I agree wholeheartedly with the effort to get more contact for the admins, and to make more people comfortable with having some way to be contacted by other users.

Unfortunately, PM systems tend to suck balls, even when they aren't trying to do the whole lock-in thing. You're basically writing a webmail client. That's fucking hard, even with the limited use cases.

Be very careful.
posted by blasdelf at 11:36 PM on October 16, 2007


We must have working email addresses so that people can fetch their password or change it.

This strikes me as bizzare. You already require working email addresses during signup, I thought, and those email addresses are already totally hidden from other users. Many people, like me, use throwaway email addresses for basically everything online, and that won't change no matter what you do in the user profiles. If people don't want to provide a real email address, they won't be able to change their password (unless you go the "secret question" route). It's their choice.

Honestly, it feels like most of the criticism here is simple fear of change.

In my case, at least, it's fear of communication to me being delayed by a few hours, days, or weeks if I drift away from the site for that time, and of not being able to contact other members if they do the same. This is a major bug, IMHO.
posted by gsteff at 12:01 AM on October 17, 2007


Again, two emails in your profile? How confusing is that? I doubt more than a dozen people would use that feature. A simple message system will be used by a heck of a lot more people and be easier to explain.

Man, are you on drugs? No, (again) I'm not suggesting retaining email contact as an alternate to a PM system, and no, not two emails on your goddamned profile.

Look, here's a little text flowchart use-case thing for you. On the profile/at signup:

Q1: Do you want to share your signup email [blahblah@whatever.com] with other users?

User Answer: No. (OK, do not display, go to Q2.)
User Answer: Yes. (OK, [blahblah@whatever.com] is displayed to logged-in users, and we're done.)

Q2: Do you want to share a different email with other users?

User Answer: No. (OK, we're done, no email.)
User Answer: Yes (OK, show textbox, user enters contact email, you show it, we're done.)

That is not confusing or complicated, and I guaran-goddamn-tee you people would use it, and they'd only need to do it once.

Honestly, it feels like most of the criticism here is simple fear of change. I should have done this five years ago and I know everyone's gotten used to the old school way things are done here, but it's about time we finally moved into the previous century with this new feature.

Alright, dude, you keep on telling us what we think, and doing what you like. But you know, fuck it. It's your community to cripple in the ways you feel are appropriate.

it's about time we finally moved into the previous century with this new feature.

Good, great, yes. PMs that have been a feature of every half-assed bulletin board since the stone age will surely pull Metafilter into the bright new world of Web 2.0! Huzzah! Yeah, a PM system will be nice to have. Yeah, email's for old people. But you're dead wrong to think the one can and should entirely replace the other.

I've opened a new account -- wonderchickenfilter at gmail -- specifically for future Metafilter correspondance and will put it on my profile, visible to the world, not just logged-in users (who reasonably might be expected not to be looking for it in the 'gender' field. How ridiculous.

If I ever, like so many have over the years, get sick of Metafilter and the unpleasantness that steadily increases over time and ask my account to be closed, or just want to walk away for whatever reason, or if Matt dies or something and the site goes away, if he sells it to Yahoo and retires, whatever, I want to be able to have the email addresses of all the people I would still like to interact with -- away from Metafilter -- in my address book. My own address book. Attached to my own email account. I'll use PMs, but I want the option of managing my (offsite) relationships with other people, rather than having Matt try to mediate them.
posted by stavrosthewonderchicken at 12:03 AM on October 17, 2007 [1 favorite]


I've displayed an email address to the MetaFilter community for five and a half years. In that time, I've never received any unwanted email that I could trace back to MetaFilter.

I like the idea of having some way to contact those paranoid worrywarts who currently hide their address. I also like the idea of forcing everyone to provide a real address to the mods (I think this should be done retroactively). However, I want to retain the ability to display mine without going through some kind of kludge.
posted by timeistight at 12:56 AM on October 17, 2007


I dunno, stavros. I was a little annoyed because I thought it was poorly implemented, and I suggested almost exactly the same thing you did, so I obviously agree with you wholeheartedly in that regard.

But I'm surprised at the sheer anger I'm reading; it sounds like you're really furious, and it just doesn't seem worth that much effort. We have workarounds available that, while suboptimal, will be adequate. Yes, it sucks that we need to use them, but it just doesn't seem worth being that frustrated about.

mathowie: 'fear of change' is an easy label, but you gotta realize, you're working with an unusual crowd here. Most of us adapt to change quite well, as long as it's an improvement. This time, you're getting pushback from me because what you did wasn't thought out well and broke a feature I use. The last time I was uptight, it was because you were substituting a new comment history display that was less useful and concise than the old one. You're getting clear reasons why we don't like the change, specific things that don't work as well as the prior way. That's not fear of change, that's resistance to an inferior replacement. If we just say, "I don't like it, waaah" -- that's resistance to change. If it's, "I don't like it, because X isn't supported properly and Y doesn't work at all" -- that's valid criticism. You may not think X and Y aren't important, and you may be right that the main userbase doesn't either, but that doesn't make criticism with specific points into 'fear of change'.
posted by Malor at 1:07 AM on October 17, 2007


But I'm surprised at the sheer anger I'm reading; it sounds like you're really furious, and it just doesn't seem worth that much effort.

Yeah, I was frustrated, am. Not just about this admittedly minor thing, more at what I've started to perceive as a pattern in the way things have been going that I find worrisome (like Matt repeatedly dismissing the comments of deeply-interested long-time users (and I don't just mean me, here) as 'being afraid of change'. That's just a little too close to contemptuous, in my books.

But yeah, I've got too much emotionally invested in the community here, I'll be the first to admit. I should probably take a step or two back.
posted by stavrosthewonderchicken at 1:36 AM on October 17, 2007


)
posted by flabdablet at 1:43 AM on October 17, 2007


Whoops. The more worked up I get, the more parenthetical. It is one of my many failings.
posted by stavrosthewonderchicken at 1:52 AM on October 17, 2007


“Those same people frequently obsfucate their address purposely (like Malor here in the original post) and that breaks any actual communication that the server needs to do with a user.”

Screw 'em. If spam from MeFi email addresses was an actual problem, I'd feel differently. But it's not. Despite numerous challenges, no has demonstrated that this has ever been a real, actual problem. Several people have said, as stav has, that they have MeFi-unique addresses that they would know have generated spam, if they had. But they haven't.

I think it's funny that you say “it's 2007...”. Yeah, and email forms are anachronisms from 1996 when people temporarily forgot there were such things as email clients.

Site-specific email is parochial and almost always unnecessary. It replaces a universal and robust system with a large feature-base with a stupendously dumb web form.

This giant step backward is being forced on us because of paranoid users who fear something that isn't real. Furthermore, you assume that everyone who provided fake email address did so because of fear of spam when, in fact, a large number of users have said that they have done so because they don't want email from anyone at MeFi, ever. This change will not make them happy. Not that I care.

My email address is kmellis@kmellis.com.
posted by Ethereal Bligh at 1:59 AM on October 17, 2007


Count me among those that have placed an email in the about field in their profile.
posted by juv3nal at 2:15 AM on October 17, 2007


Matt,
This might have gone done better if you had made a Metatalk post explaining a change was being made and why. Instead people suddenly found a part of the site purposefully "broken" and after wandering over to MetaTalk, suddenly find out there's a bunch of changes that are happening. That's bound to annoy or piss some people off.
posted by Brandon Blatcher at 2:26 AM on October 17, 2007


My experience with most PM systems has not been great. Things I've disliked: getting an email saying that I have a message, but no inclusion of the message... so, I have to go to the site, log in, check the messages, only usually to find someone is soft-spamming me; at least one (twitter?, last.fm?), leaves me with a full record of the messages sent to me, but no record of my responses. Very, very, very irritating. At more than one place (can't keep them straight) I never see that I have messages unless I log in, and I almost never log in. Finally, If I don't remember that I've communicated with someone via PM, I'm searching my email for their message or address, and not finding it.

So, while I'm not poo-pooing the whole idea, given my 'druthers, I'd like the PM , but I'd like to still have my email in the email field, and have the email field available for those who would like to display it - because putting it somewhere else ("about me", "occupation", "gender", etc.) is going to be an option that only a tiny minority will know about and resort to using.
posted by taz at 3:50 AM on October 17, 2007


The only way to prevent Yahoo Lockin Syndrome and fix the problem that Matt is trying to fix is to have the form be a one-way email form. I go to cortex's profile, and there's an "email this user" button. I click it, there's a form. I write where exactly he can shove his giant donut, and click send. (Here comes the magic part:) He gets an email, and the from (or maybe Reply-To) field is my email address. Maybe I get a copy sent to me. He gets to decide whether he'll expose his actual email to me by replying to my diatribe.

That's it. No private messaging system. No proprietary nothing. Just window-dressing on a plain email so that the owner of the email address controlls exactly who has that information.
posted by Plutor at 4:26 AM on October 17, 2007 [1 favorite]


I'm not trying to be obtuse, but when I read:

mathowie: I'm trying to let people keep their private contact info private but also allow for member-to-member communication in a way that's easy.

My first question is, why can't we have both?

If I, and I is the operative word, don't want my email address available then I am free to leave the field empty. Just like always. I understand the administrative need for a valid email address, but as stavros so clearly pointed out, it shouldn't be overly difficult to separate the two.

I think memail is a great idea, but not as a replacement for a long standing convention. A convention that, unless there is something I'm not privy to, seems to be working just fine.

This seems a little closer to feature creep than an enhancement. As someone (it's way too early to reread this thread, my apologies) pointed out, this site isn't like others and to emulate something that the cool kids are doing (even if this isn't the primary reason) may not be the best way to go. This joint is a friggin' web icon because it is what it is and it does one thing very well and has being doing it for a long time.
posted by cedar at 5:16 AM on October 17, 2007 [1 favorite]


I'm really not getting the problem this is meant to be fixing, either. I have my main email address (only, really - can't be arsed maintaining throwaway accounts) unobfuscated all over the web on publicly accessible pages, and maybe one piece of spam manages to get through to my inbox every couple of days.

Adding a messaging system sounds cool to me, but breaking the main form of behind the scenes communication we've all been using quite happily for so long in the process just doesn't make a blind bit of sense.
posted by jack_mo at 5:48 AM on October 17, 2007


My goodness. What a kerfuffle. I actually read the whole thread, every comment and the previous thread, every comment. I feel a slight pressure originating from the sky, but not too much. Mind you, if it turns into a acorn storm, I'm in there, I like this place too much to not be a chicken licken.
The way I see it is, change is going to happen and mathowie has decided, lets see what happens. This idea (as evidenced by the screenshot and its reference) has been over a year in the coming. If this idea does come to fruition, let's put things in perspective. mathowie did have this great idea many years ago. I don't know if it would have rocked, but it has been asked for, many times over.
I don't want to get all philosophical but: People get stuff, People ask for stuff, People object to stuff. Stuff happens.
posted by tellurian at 6:06 AM on October 17, 2007


Also not getting the problem this is supposed to be fixing - haven't gotten a MeFi-related spam ever, far as I know - and encouraging Matt to include a field for display of an email address.
posted by mediareport at 6:08 AM on October 17, 2007


I put my email addy in my profile in the written portion where Matt won't be bothering it.

After all, if I trust Wendell with it, the rest of you should be no problem.
posted by konolia at 6:24 AM on October 17, 2007


I echo the comments of gsteff, jacqueline and others. I've gone to some lengths to route all the messages I care about to one email address, from all modes a methods of travel. I really don't want to have to have "check metafilter mail" as well.

If you want to implement an email contact form which sends mail but hides addresses, great. We're adults; the recipient can make up their mind if they want to remain anonymous and reply with their metafilter identity using the your form, or break cover and reply by email. I am not in favour of a metafilter-only PM system though. That's a step backwards, in my opinion.

My bias: I've always had a valid, non-obfuscated mail in my profile.
posted by bonehead at 6:28 AM on October 17, 2007


tellurian: "The way I see it is.."

Incorrect assumptions:
1) If people ask for it, it must be a good idea.
2) If lots of people ask for it, it must be a really good idea.
3) If it's an old idea, it's a good idea.
4) Matt wanted to do it five years ago but he didn't, so it's grandfathered in.
5) People who fear change are wrong, so change is always good.
6) History is one damn fact after another.
posted by Plutor at 6:41 AM on October 17, 2007


No emails in profiles means we can't easily find an admin's email address for issues. Though ya'll might consider this a feature.
posted by Brandon Blatcher at 6:53 AM on October 17, 2007


I agree with the wonderchicken (minus a little excess clucking). I don't see the problem needing to be fixed, and I don't see why the addition of a PM system (which I don't care about one way or the other) necessarily means getting rid of e-mail addresses (which I like and use, and no, I don't want to put it in the "gender" box, WTF?). And it bothers me that mathowie sees all pushback as mindless longing for the good old days. Step back from your thrill over this brilliant new idea you've had and listen to your users, OK? There may, just may, be a better way to do this.
posted by languagehat at 6:57 AM on October 17, 2007


Fear of change? Really? People don't like a feature and you're going to get all condescending on them? I do this kind of thing all the time, I understand fear of change is a real issue, but there are quite a few perfectly valid objections to a PM system listed in this thread that go well beyond fear of change.

I'm familiar with the PM systems of every major forum software package available, as well as dozens of custom jobs on various sites, and the thing they all have in common is that relative to actual email, they suck. Some of this is cribbed from an analysis I did when we looked at adding a PM based system to our site.

Using the interfaces is slow and tedious relative to using a good email client or a full featured web-based email app like GMail.

Quoteback is inevitably difficult -- either you have to use bb code to individually offset bits of quoted material when you're interquoting, or there is really no quote marking possible at all.

They're generally unthreaded which makes keeping track of conversations difficult, especially when it takes multiple extra steps to even file sent mail in the same folder as incoming mail.

They don't offer attachments.

They're often limited in terms of size -- whether size of the actual message or in number of messages that an individual is permitted to keep on hand. At the same time, the first feature problem -- tedious and slow interfaces -- makes actually cleaning them out to remain under the cap difficult.

If they do offer notifications of new messages via email, those are often treated as spam by the more paranoid service providers out there, where genuine messages would actually make it through.

They lack portability. They can't be popped, forwarded to non-community members, exported or archived.

Those are genuine feature inadequacies of nearly every PM system I've ever encountered, not just fear of change. I'm not looking into the future and wailing, I'm looking at the past -- at my history of using PM systems and disliking them -- and not wanting to see one more source of those same issues.

My most common behaviour on systems like that is to include in my first message 'you can reach me at jaquilynne@canada.com if you want to continue this conversation in a real email client.'

Arguably the most usable systems I've encountered are the email relays, meetup.com is a good example. If you email another member through their site, they get an actual email, with your content at their email address. You can choose to reveal your email address to them or not reveal their email address to them. When they get the email, they can choose to reply via the site (thus replying without revealing their email address) or if the original sender let their email address be visible, by email, thus revealing their email address. They can manage those conversations in the email client with which they are most familiar, and which contains all their other email, and receive it whether they're accessing MetaFilter at the time or not.

That system still has drawbacks -- some people will, inevitably, try to reply to emails they can't reply to (though I've seen email passthrough systems that actually use unique message IDs or username/domain email addresses to make replies work and get sent back to the original person, as well) and there are still, generally, no attachments permitted in the first email contact. But they're a whole lot easier to integrate into your life than yet another on-site messaging system.
posted by jacquilynne at 7:21 AM on October 17, 2007 [3 favorites]


I'm going to have to weigh in with the wonderchicken. I like the idea of PMs, but only as an addition to the old email system, not as a substitute. I want to be able to email current and previous users for the various reasons elaborated on above, (searching and whatnot) and to be emailed.
And add me to the chorus of people who have never had mefi-sourced spam in all these years. Not a one. (Not even one that wendelled, sob.)

On preview, I'll just defer to jacquilynne.
posted by CunningLinguist at 7:34 AM on October 17, 2007


Fear of change? Really? People don't like a feature and you're going to get all condescending on them?

While I don't think Matt's being condescending(Perhaps a tad testy, but completely understandable considering the thought and work he's put into it and the large amount of negative responses he's recieved), I don't think it's fear of change that's behind people's aversion to MeMail. The gmail in my account is my all-purpose mail dump - any messages or site notifications are sent to that account, saving me the time and hassle of multiple log-ins, and MeMail as I understand it decentralizes this management system.

It just seems redundant. The original mail set-up didn't result in much if any spam, and its optionality as well as links for AIM and ICQ allow people to control their level of off-site MeFi interaction. This new method reduces that sense of autonomy, and that's what I think people are reacting to.
posted by Alvy Ampersand at 7:47 AM on October 17, 2007


No emails in profiles means we can't easily find an admin's email address for issues. Though ya'll might consider this a feature.

The first 60,000 or so users here have my email address so it doesn't help me one way or the other. All of us are pretty reachable basically any way people want to reach us. I answer MeFi questions on Facebook now from time to time.
posted by jessamyn (staff) at 7:49 AM on October 17, 2007


MY MEFI MAIL HARVESTER BOT QUIT WORKING. WTF?
posted by quonsar at 7:54 AM on October 17, 2007 [2 favorites]


As a further datapoint, with having an address in the clear since I joined, about five years ago, I've never had spam or a commercial email that I could attribute back to the metafilter address. I have had lots of interesting off-line conversations though.
posted by bonehead at 7:59 AM on October 17, 2007


No emails in profiles means we can't easily find an admin's email address for issues. Though ya'll might consider this a feature.

There's a contact link at the bottom of every single page on this site and about 3-4 dozen people use it everyday.

It sounds like a compromise would be allowing people to continue to display their email optionally, but also finish the new mail system, which would be turned on by default for everyone (with the option to turn it off).

While I don't think Matt's being condescending(Perhaps a tad testy, but completely understandable considering the thought and work he's put into it and the large amount of negative responses he's recieved)

I'm frustrated because I've just embarked on a complete rewrite of the user login system to do a dozen things people have asked for weekly since the site started. In order to do that, we need working email addresses because we're going to ask everyone to eventually (in a couple weeks) re-login when everything is complete. There will be password changing, passwords will be stored in a new encrypted way in the db, and cookies will be stored differently. New users get a welcome/authentication email as well.

When we started planning it out, we realized thousands of emails we have are false and are going to result in lots of headaches with people having to ask us to modify their accounts (and prove who they say they are -- it's a pain that takes 10-15 minutes of back and forth emailing per user).

We built an email authentication system to ensure that emails going forward stay in a working format. Then to prevent spam, I insisted we move to images instead of text on the display of email, but that was a problem here. Then I saw a thread with people not wanting to put working addresses in. So I proposed a private message system that people have been asking for many years and it's clear it's a bit too late for that because everyone's used to email.

So I'm frustrated because we've got a mile to go to finish rewriting the user authentication system into something that works much better and is more secure, but after taking a few steps off the starting line, everyone in the crowd is yelling at me to stop.

I should have explained this all ahead of time and just might make a new metatalk post saying we're redoing a long overdue section of the site's code that will require logging back in at some point and a working email address.
posted by mathowie (staff) at 8:38 AM on October 17, 2007 [2 favorites]


I think everyone here who doesn't like an internal email system understands the urgency of having valid email addresses and the other important functionality that allows.

But the correct solution is to require valid addresses for admin purposes that no one but admins see and retain the email entry in the profile.

It's really strange that you object to having two addresses (an admin-only-visible email and the one shown in the profile) when you're creating a lot more work for yourself by building an internal messaging system.

Here's what you should do:

1) At sign up, require a valid email address and verify it.
2) Don't automatically populate the email info in users' profiles.
3) For the email section of the user profile edit form, add a entry labeled “Email Address (required, must be valid, visible to MetaFilter adminis only)”, and below it another entry labeled “Public Email Address (optional, visible to members)” with perhaps a checkbox beside it labeled “Use Above Address”.
posted by Ethereal Bligh at 9:07 AM on October 17, 2007 [2 favorites]


It's okay mathowie, don't stress. It's just a website.
Oh! and Plutor: see above.
posted by tellurian at 9:19 AM on October 17, 2007


The reason that Matt is frustrated because people have asked for the messaging system. Repeatedly. (He links it all above.) There is no big outcry in those threads, because users didn't realize that this would replace emails in profiles, it was assumed to be an addition. It's not change that is jarring, it is the lack of choice of including emails.

That being said, I'm relatively new, I'm pretty much a lurker, I think I've contacted someone offsite maybe twice. I'm semi-anonymous here (though anyone could come up with the right google from my askmes.) But in my professional life I am not anonymous and it would be nice to be able to have the ability to communicate privately onsite. I think that I would definitely initiate more contact with users with a messaging system.
posted by typewriter at 9:25 AM on October 17, 2007


"we're redoing a long overdue section of the site's code that will require logging back in at some point and a working email address."

I think this is major. Just how you will get this across all sections is mind boggling [a MetaTalk post won't be not enough]! Good luck.
posted by tellurian at 9:34 AM on October 17, 2007


Not only that. Those people that have had, special looking profiles. Those profiles that stood out from the others. They'll all be gone. Gone. Yes? Equal profiles for everyone. Yes? All the same. Yes?
posted by tellurian at 9:48 AM on October 17, 2007


I think EB makes a very good suggestion. I also don't think anyone is objecting to the user authentication changes, and many people are pleased to hear about the addition of a PM system (myself included). We just don't understand why that has to come at the expense of a formal way to list an email address in our profile. There are several freeform text fields available already, why can't one be called "Email"? It doesn't have to have any sort of connection to admin/authentication at all.
posted by Rock Steady at 9:51 AM on October 17, 2007


I just re-enabled emails on profile pages, as a hotlinked mailto. We're still doing the PM system in addition to that and it should be online later today. If you want ease of use, show your email, if you want to not be spammed, just use the private messaging instead.
posted by mathowie (staff) at 9:52 AM on October 17, 2007 [2 favorites]


I don't see anyone yelling at you to stop. I do see lots of people asking you to retain the feature that allows us to show our email address to logged in users. I also see people asking that the new messaging system work with our email addresses rather than inventing a new communication channel.

Is there any reason why the new system can't accommodate those needs?
posted by timeistight at 9:54 AM on October 17, 2007


Should have previewed.
posted by timeistight at 9:55 AM on October 17, 2007


Thanks, Matt.
posted by cortex (staff) at 10:09 AM on October 17, 2007


Yes; thanks.

Looking forward to changing my password, as well.
posted by yhbc at 10:10 AM on October 17, 2007


- images are much less easier to scrape than simple text. The chances that someone would pay for a login, then write an OCR bot, then suck down thousands of profiles in order to get emails seems laughable to me.

Why does it seem laughable to you? Those Captchas are hard to read for a reason.

Why not just have a form that would let logged on members send an email through the site. That would prevent any email from being harvested.
posted by delmoi at 10:15 AM on October 17, 2007


tellurian: "It's okay mathowie, don't stress. It's just a website your sole source of income."

Fixed that for you.
posted by Plutor at 10:22 AM on October 17, 2007


Those people that have had, special looking profiles. Those profiles that stood out from the others. They'll all be gone. Gone. Yes? Equal profiles for everyone. Yes? All the same. Yes?

tellurian, as mathowie once said to me, that ship sailed long ago. but you are welcome to join me on the beach, all teary-eyed and waving our hankies.
posted by quonsar at 10:24 AM on October 17, 2007 [2 favorites]


Yes, thank you.
I guess this means I should try and remember my password?
posted by typewriter at 10:29 AM on October 17, 2007


I'm keen to guess.

qwerty?
posted by yhbc at 10:38 AM on October 17, 2007


Uh...maybe...I dunno...don't try it or nothin'

It doesn't matter! I'm going to be able to change it very very soon!!
posted by typewriter at 10:45 AM on October 17, 2007


colemak!
posted by cortex (staff) at 10:46 AM on October 17, 2007


Thanks, Matt and PB.
posted by Ethereal Bligh at 10:50 AM on October 17, 2007


Thanks for returning the email field Matt.

typewriter writes "I guess this means I should try and remember my password?"

Or at least update your email field with a good address.
posted by Mitheral at 10:50 AM on October 17, 2007


Thanks, Matt.
posted by languagehat at 10:58 AM on October 17, 2007


Thanks Matt.
posted by CunningLinguist at 10:59 AM on October 17, 2007


*goes to update email field to a valid address*

Thanks, Matt!
posted by mosessis at 11:02 AM on October 17, 2007


Thanks, Matt!
posted by By The Grace of God at 11:17 AM on October 17, 2007


Matt, thanks!
posted by Brandon Blatcher at 11:23 AM on October 17, 2007


Tæshækkür elæyiræm, Matt!
posted by Alvy Ampersand at 11:42 AM on October 17, 2007


Metafilter:It's okay mathowie, don't stress. It's just a website
posted by wheelieman at 11:43 AM on October 17, 2007


Erm, its possible that I've missed it, but will the pm system address the issues that others have noted in most other implementations i.e. having to login to read messages? Will there be an option to simply forward everything to our email boxes?

Also, please use a modern password hash (bcrypt) for storage, the SHAs and MD5 are pretty much deprecated for new systems.
posted by Skorgu at 12:05 PM on October 17, 2007


I love the smell of compromise in the morning. Except this

if you want to not be spammed, just use the private messaging instead.

is just fearmongering bollocks, and you know it. If you could or would offer even one example of spam occurring because emails displayed to logged-in users (other, again, than wendell's little one-time romp), I'd be more inclined to trust what you had to say in future. As it is, yeah, not so much.
posted by stavrosthewonderchicken at 1:30 PM on October 17, 2007


But thanks for retaining emails, which it seems was something that most of us very much wanted.
posted by stavrosthewonderchicken at 1:36 PM on October 17, 2007


if you want to not be spammed

It's just bad grammar, that's my only complaint.
posted by found missing at 2:06 PM on October 17, 2007


is just fearmongering bollocks, and you know it.

Actually it's not. There is at least one example of someone saying that they exposed a private email address here and started getting spammed after never getting a single piece of spam before they listed it here. I can't find it in the metatalk archives but I can't say I'm 100% no one has ever received unsolicited email from mefi before, nor can I say with any doubt that no spammer email harvester has ever signed up for an account here. It's not fear mongering, it's what I've read on metatalk for the past few years.

The likelihood is low, but it's not zero.
posted by mathowie (staff) at 2:17 PM on October 17, 2007


Sure, it's happened. But a bunch of people have offered the opposing example where they know they haven't gotten spam. I'm inclined to believe that if spam was a problem at all, the situation would be reversed where most people report seeing spam via mefi and only one or two users claiming not to have seen any spam. Stav is being pretty aggressive in making his point, but I think he's right that there just isn't a problem with spam via mefi.
posted by Ethereal Bligh at 3:13 PM on October 17, 2007


Tæshækkür elæyiræm

Heh, never realized Azerbaijani was so closely related to Turkish. Çok güzel!

Carry on.
posted by goodnewsfortheinsane at 3:22 PM on October 17, 2007


Come on matt. This:

I can't say I'm 100% no one has ever received unsolicited email from mefi before

doesn't equal this:

if you want to not be spammed

I'm sure that's just frustration speaking though. Thanks for the compromise.
posted by justgary at 3:23 PM on October 17, 2007


Thank you for listening to the users on this one, Matt. It was a bit disconcerting that you seemed testy about the small part of your plan that apparently felt like a minor step backward for some, but thanks again for accomodating us.
posted by mediareport at 3:30 PM on October 17, 2007


There are several freeform text fields available already, why can't one be called "Email"? It doesn't have to have any sort of connection to admin/authentication at all.

It would be nice to retain the mildly anti-spam ability to use something like "xxxx at yyyy daught com" if that field doesn't have to be connected to admin stuff, which, unless I'm misunderstanding, it doesn't. Can we please just have back an "email for display" field that allows us to slightly munge our address?
posted by mediareport at 3:42 PM on October 17, 2007


Sheesh guys/gals, lay off the matt. Spamming isn't just outsiders harvesting our email, it's also your fellow mefites. For the longest time, I didn't have an email on my profile, not out of fear of stranger spam, but rather a distaste of getting mail-that-should-have-been-a-post from other mefites. Personally, I'm not a huge fan of having a PM system, since I worry it's going to lead to the best flamewars going private, instead of to metatalk.
posted by nomisxid at 3:43 PM on October 17, 2007


Fret not. Flamewars need the oxygen of publicity to burn; they fizzle quickly in the vacuum of an inbox.
posted by bonaldi at 3:46 PM on October 17, 2007


qwerty?

Nah, typewriter seems to have some class.

I'm going to guess Underwood.
posted by quin at 3:47 PM on October 17, 2007


Can we please just have back an "email for display" field that allows us to slightly munge our address?

It is back already, actually.
posted by cortex (staff) at 3:50 PM on October 17, 2007


It is back already, actually.

No it's not, cortex. I just tried to change my display email to a slightly munged address and got "It looks like your new address—todd at monkeytime daught org—isn't a valid email address." It's still demanding a verifiable working address.
posted by mediareport at 3:57 PM on October 17, 2007


Yeah, I just went and looked too.. there's no 'munged email address' field yet.
posted by Malor at 3:59 PM on October 17, 2007


I tried a functioning but mungey email address

jessamyn+loveseveryoneevenyou@gmail.com

and it wont accept that either. I think the issue is that if you munge the address, it's available to humans but not available to the password-mailing bot which was I think one of the original goals of this whole project.
posted by jessamyn (staff) at 4:01 PM on October 17, 2007


“and it wont accept that either. I think the issue is that if you munge the address, it's available to humans but not available to the password-mailing bot which was I think one of the original goals of this whole project.”

This is why the profile edit form should have two entries for email. One is the admin-only verified address and the other is the public email address that can be whatever the hell the user wants.
posted by Ethereal Bligh at 4:09 PM on October 17, 2007


Yes, thanks much for listening, mathowie. I would agree with mediareport that there should be a happy medium between no email displayed and a mailto link, but I have no idea how/if that would foul up the (much appreciated) behind-the-scenes changes happening. Anyway, thanks for being responsive, and for constantly working to improve things.
posted by Rock Steady at 4:13 PM on October 17, 2007


Yeah, EB's solution preserves both the advantages Matt says he needs *and* the former functionality many users prefer. Please give us a displayed email field disengaged from admin functions.
posted by mediareport at 4:13 PM on October 17, 2007


Well that'd just damned weird. I wonder if it's a old-vs-new situation, then; check my profile and you'll find my munged address, but I never changed it through all this. I guess it's the email-verification routine that pb has put into place that's that roadblock, not the field, so sorry for the misunderstanding there: the field is in place, you just can't, uh, use it.

Probably we should disable that check at change time for the time bieng.
posted by cortex (staff) at 4:17 PM on October 17, 2007


Like I said twice already, having a system asking for two email addresses is dumb and I'm not going to do that.

Half a dozen people here have said they want a plain old public email showing and I gave everyone that. If you don't want to share your email address, use the PM system that's almost ready to go.
posted by mathowie (staff) at 4:21 PM on October 17, 2007


Matt, all we want is an empty field that says "email" or something that we can fill in however we like. That's not dumb. That's useful.

But ok, guess I'll have to live with the loss of the ability to slightly munge an email address. I don't even remember if I'd had it munged before; I usually do but whatever.
posted by mediareport at 4:24 PM on October 17, 2007


cortex: colemak! and quin: I'm going to guess Underwood.
Stop using up perfectly good password possibilities! (Don't say Dvorak either!)
posted by typewriter at 4:32 PM on October 17, 2007


there's no 'munged email address' field yet.

There isn't going to be one. It's incredibly frustrating to read stuff like this. I've said I'm not doing it because it's confusing and several people here say spam is not and was never an issue and asked for plain old email addresses to be shown, which I did.

If you want me to munge everyone's working emails in a predictable way, that's how I did it before, but it still leaves emails prone to scraping by a simple tweak (every time you see foo at blah dot com, change the at to @ and dot to . to get real emails).

So, how should your working email be displayed on the site?
posted by mathowie (staff) at 4:35 PM on October 17, 2007


It's fine the way it is now. People who are worried about scraping can hide their email and wait for the contact system. People, like me, who aren't worried can display their email to other users, like it was for years.

The thought that a spammer who would know and care enough about MetaFilter to sign up just so he could scrape my email address would be stymied by invalid characters is hilarious.

Let's put this thread to bed and let mathowie and pb get to work on some other ponies.
posted by timeistight at 4:52 PM on October 17, 2007


mathowie: "It sounds like a compromise would be allowing people to continue to display their email optionally, but also finish the new mail system, which would be turned on by default for everyone (with the option to turn it off).

I'm frustrated because I've just embarked on a complete rewrite of the user login system to do a dozen things people have asked for weekly ... after taking a few steps off the starting line, everyone in the crowd is yelling at me to stop.
"
Because, in order to fix one problem, you broke a vital part of the real functionality of the site, however unintentionally. Look on the bright side - you now know how important it is to a portion of users to be readily contactable and to contact other users without an intermediary. You also know that, in the main, people trust you to protect their e-mail address within reasonable bounds. You also know (as if you didn't already) that users here will not lie down and accept every change you make unless you can defend your reasons for doing so. New information is always good.

jessamyn: "I tried a functioning but mungey email address

jessamyn+loveseveryoneevenyou@gmail.com

and it wont accept that either. I think the issue is that if you munge the address, it's available to humans but not available to the password-mailing bot which was I think one of the original goals of this whole project.
"
Given the screams of frustration and cries of disbelief over the years when people have found that they can't change/retrieve their e-mail, I think you would be forgiven for using the Kadir-Buxton method on anyone who seriously bitches about this.

mathowie, thanks for the compromise - I appreciate being able to contact other members outside the site and, not that it has ever happened in my memory, for others to reach me should they so wish.
posted by dg at 5:30 PM on October 17, 2007


Um, yeah, that should say "change/retrieve their password of course.
posted by dg at 5:32 PM on October 17, 2007


Hmm ... does this site really need functioning email addresses? First off, it's v. bad security practice to a) send out passwords in plaintext, b) store them in such a way that they can be recovered to plaintext.

I mean, I can see it if you want people to be able to get a "reset password" link, but in that case just send it to the paypal address. You've got that for the majority of users, and all the previous users are too pretty, talented and smart to forget their frickin password.
posted by bonaldi at 5:46 PM on October 17, 2007


I think its fine the way it is. You don't want your email shown, then hide it. You want to munge it, then don't display it and put the munged one in whatever that "tell us about your username" area.

Why is this so hard for people?

Looking forward to the new login/user management capabilities. I think you're on the right track and I hope you're building in some tools for your use (which may make taking all this crap worth it).
posted by disclaimer at 5:52 PM on October 17, 2007


I looked up the Kadir-Buxton method and tried it out on myself. Now I can't remember what it is.
posted by flabdablet at 6:22 PM on October 17, 2007


So, my email that's displayed in my profile is munged just like it used to be. Do I need to un-munge it to participate in the Great Password Awakening?
posted by LobsterMitten at 6:44 PM on October 17, 2007


Do I need to un-munge it to participate in the Great Password Awakening?

At some point in the near future? Yes. Right this instant? No.
posted by jessamyn (staff) at 6:47 PM on October 17, 2007


Please forward all personal attacks, spam, scams, blackmail attempts, ransom notes, virtual viagra and attachments over 1GB to wendellwit@gmail.com. All love letters and Nobel Prize notifications go to wendell@wendellwit.com. And, no, I'm not stupid enough to think that'll work, but those two addresses are already publicly known, and there's a good chance that personal messages will get past the filters on at least one of them. Until the current hopelessly broken system of email is replaced with something better, you (and I) just have to deal with it. And since it's the 12th most important 'hopelessly broken system' affecting my life, it's not worth getting upset about. If it's #1 or even in the Top Three for any of you, consider yourself damned lucky.

(And the MetaFilter "what do you mean I can't change my password" system is #14... but I'm still happy to see it's getting fixed)

And, honestly, I am not a bot. Bots don't get as sick as I have been causing me to miss this thread for the last 12 hours and suffer laughter-induced coughing fits while reading it just now. Still, Asimov's Laws of Robotics are on my list of 'hopelessly broken systems', but barely in the Top 20. And, obviously, the American health care system is #1 right now. And no, I do not have MRSA; if I did I'd be on my way to Washington D.C. to expose as many legislators and Executive Branch officials as I could.
posted by wendell at 8:06 PM on October 17, 2007


Yeah, EB's solution

*head explodes*
posted by stavrosthewonderchicken at 8:35 PM on October 17, 2007


none of this shit needs to be reinvented. why is it so frickin' hard to do on metafilter what's easily done on a bazillion other sites? other sites have verified email addresses which are kept private, AND publicly viewed addresses which can be munged, (slashdot comes to mind) AND internal pm systems AND changeable passwords AND img tags.
posted by quonsar at 9:11 PM on October 17, 2007


I agree with the compromisers. If the munged e-mail setup was almost as vulnerable to scraping as functioning mail links and didn't result in members getting a lot of spam, I doubt I'll wake up tomorrow to find that a thousand offers for Nigerian Penis Warez has snuck past Gmail's filter.

Sort of shitty to keep griefing on matt after he works out a way to keep the majority of folks here happy.
posted by Alvy Ampersand at 9:18 PM on October 17, 2007


AND publicly viewed addresses which can be munged, (slashdot comes to mind) AND internal pm systems AND changeable passwords AND img tags.

You forgot those suckass branchy comment systems.
posted by Alvy Ampersand at 9:20 PM on October 17, 2007


When I was a boy of around the age of seven, the sentence "I have a grandfathered-in munged email" would've gotten either myself or my grandfather in a LOT of trouble.

Now, I wear that sentence like a badge of honor.
posted by item at 10:31 PM on October 17, 2007


Yeah, EB's solution

*head explodes*


Oops.
posted by mediareport at 11:27 PM on October 17, 2007


I munged your grandmother.
posted by taz at 11:37 PM on October 17, 2007


so did hotmail.
posted by quonsar at 4:05 AM on October 18, 2007


I tried a functioning but mungey email address

jessamyn+loveseveryoneevenyou@gmail.com

and it wont accept that either.


Use of + in an email address isn't mungey. It's used by more than a few systems as a method of tagging, and an address like 'edd+mefi@example.com' is something I wouldn't be at all surprised to see in a user's address here.
posted by edd at 4:38 AM on October 18, 2007


“*head explodes*”

I don't think I understand this comment.
posted by Ethereal Bligh at 5:08 AM on October 18, 2007


mediareport said "EB's solution" which was the same solution (which is fine, I'm gratified that we agreed about it) that I had elaborated at great and exasperated length upthread, despite Matt repeatedly insisting for no good reason that he cared to deign to justify that it was STUPID, and I had just woken up and was going to be late for work, so, you know, my head exploded, because I was already so frustrated at wasting so much of fucking time trying to dun Matt over the head about it the night before.

S'OK, though. My head explodes at least a couple of times a week.
posted by stavrosthewonderchicken at 5:29 AM on October 18, 2007


mathowie: "Like I said twice already, having a system asking for two email addresses is dumb and I'm not going to do that."

On this, Matt and I see eye to eye. Those of you who keep touting the two-email suggestion: please point out a single website with more than fifteen users that does this. PLEASE. I can't believe that it would be seriously implemented.

Alvy Ampersand: "Sort of shitty to keep griefing on matt after he works out a way to keep the majority of folks here happy."

The majority is frequently wrong. Especially when it comes to deciding on a specific solution to a problem. And no one has really convinced me that there was a problem with the old way of hiding emails from non-users. Matt's cited a single report of getting spam to an address that was posted on MetaFilter. And without knowing what that address was, it's hard to say whether maybe it was discovered through other methods, like random mailbox bombing.
posted by Plutor at 5:44 AM on October 18, 2007


I'm rapidly giving less of a shit about this with each passing minute, or I'd try to argue with you about the first point, Plutor, on general principle.

But it was a suggestion engendered by Matt's artificial argument with regards to the emergent and urgent need to hide emails from logged-in users, in search of some kind of compromise he could live with. HE could live with, mind you -- it wouldn't have been an issue if emails hadn't been suddenly and inexplicably hidden never to apparently return, and it doesn't matter now that they're exposed again. I'm not claiming -- nobody is at this point, so I'm not sure why you're bothering to argue against it -- that it was a good idea in a vacuum, only a possible compromise given the constraints imposed. Constraints no longer in place.

It doesn't matter either way, though -- it's pretty clear that Matt's responses in this thread to suggestions he didn't like, namely "you're just afraid of change" and "that's stupid" -- are about as substantive as we're going to get for the effort, so I'm pretty much into why-bother-land at this point. He'll mostly do what he likes, as he should, because it's his site.

Again, though, I'm pleased we have email addresses on our profiles again, and I thank him for reinstating them.
posted by stavrosthewonderchicken at 6:03 AM on October 18, 2007


"if I did I'd be on my way to Washington D.C. to expose as many legislators and Executive Branch officials as I could."

You should start with Senator Craig. I hear he likes exposing himself.

(And second edd's comment that the plus sign is a very valid character for email addresses. I am one of those examples he refers to.)
posted by inigo2 at 6:50 AM on October 18, 2007


The majority is frequently wrong. Especially when it comes to deciding on a specific solution to a problem. I'm not among them. I keed, I keed.

While I agree with that point, I don't think it's relevant in this situation - the decision was not the majority's to make, it was matt's, who introduced a second solution in response to those of us who preferred the original system rather than the MeMail.

Near as I can tell, things are pretty much the same as they were before, only now there are live e-mail links rather than munged text, which required the backbreaking tedium of copying, pasting, and/or a couple of keystrokes. And in a little while, there'll be a new messaging doohickie for people who enjoy that sort of thing. Mind you, I'm not one of them and would appreciate an option to disable MeMail on my end as I'm too lazy and forgetful to keep up with such a thing, but as far as I'm concerned as a user, nothing has been taken away from the site.
posted by Alvy Ampersand at 10:00 AM on October 18, 2007


jessamyn: I tried a functioning but mungey email address

jessamyn+loveseveryoneevenyou@gmail.com


The problem with this (and I tried it, too) is that the RFC2822 specification for email addresses allows '+' addressing (See here).

If you're going to validate addresses, please, please use a full validator so that non-munged valid addresses like that one, or offby1+metafilter@gmail.com, work.
posted by ChrisR at 10:05 AM on October 18, 2007


Good point, '+' addressing is now allowed, thanks.
posted by pb (staff) at 10:25 AM on October 18, 2007


Thanks, pb! That was fast.
posted by ChrisR at 10:31 AM on October 18, 2007


Plutor writes "On this, Matt and I see eye to eye. Those of you who keep touting the two-email suggestion: please point out a single website with more than fifteen users that does this. PLEASE. I can't believe that it would be seriously implemented."

Yahoo Groups allows for multiple email addresses. You can keep your main email address secret for password purposes only and route all your group mail through other addresses (which is exactly what I do).
posted by Mitheral at 5:33 PM on October 18, 2007


« Older You Tube Meta Data   |   London Calling/Calling London. Newer »

You are not logged in, either login or create an account to post comments