[Fixed] Tracking links in notification emails


#1

Discourse sends notification emails in some cases when stuff happens, which is great, but the HTML version contains misleading links.

<p>To respond, reply to this email or visit <a href="http://mandrillapp.com/track/click.php?u=3022&id=b9389b72f7394&url=http%3A%2F%2Fdiscourse.wicg.io%2Ft%2Finitial-set-your-own-initial-styles-for-css-properties%2F198%2F7&url_id=6f6177a5a377b97e">http://discourse.wicg.io/t/initial-set-your-own-initial-styles-for-css-properties/198/7</a> in your browser.</p>

When rendered, it looks like a link to http://discourse.wicg.io/ but it actually goes to an unrelated domain. To a path, of all things, called /track/click.php. This smells bad. So much that Thunderbird (at least for me) shows a big red warning “This message may be a scam.”

Why is this the case? Who has access to the collected data? How is it used? Can and should this be disabled for specifiction.org?


#2

This really feels like something you should be reporting to Discourse; we just use their software. (We didn’t write it ourselves.)


#3

Good point. https://meta.discourse.org/t/tracking-links-in-notification-emails/16482


#4

I guess it’s up to @robin to disable it? https://meta.discourse.org/t/tracking-links-in-mandrill-notification-emails/16482/3


#5

Thanks for reporting and looking into this @SimonSapin. I basically set this up on the side and customised very little. Mandrill is not a hostile domain, it’s just the provider used for email blasts. They are not tracking for their purpose, they’re tracking opens and clicks for their customers by default because that’s what people normally expect from emailing services.

I have found the option and disabled it, it should be gone now.


#6

Status: RESOLVED FIXED