starred/anonaddy
1
0
Fork 0
mirror of https://github.com/anonaddy/anonaddy.git synced 2026-04-25 22:25:55 +03:00
Code Issues 103 Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #173] Responding to sent email creates risk of leaking real email address #732

New issue
Closed
opened 2026-03-14 10:23:56 +03:00 by kerem · 9 comments
kerem commented 2026-03-14 10:23:56 +03:00
Owner
Copy link

Originally created by @xanoni on GitHub (Jul 7, 2021).
Original GitHub issue: https://github.com/anonaddy/anonaddy/issues/173

Happened to me a few times and it's always extremely annoying ...

  1. You get an email on an alias and you respond to that email
  2. You realize that you forgot to mention something, so you follow-up on your (own) sent message
  3. DOXXED! AnonAddy just forwarded your real email address (which is included in your own quoted text from the previous sent email)

Isn't there some technical solution to this? E.g., filtering out everything that looks like the actual email address or other identifying information? Should be a trivial regex, but so much pain saved?

Originally created by @xanoni on GitHub (Jul 7, 2021). Original GitHub issue: https://github.com/anonaddy/anonaddy/issues/173 Happened to me a few times and it's always extremely annoying ... 1. You get an email on an alias and you respond to that email 2. You realize that you forgot to mention something, so you follow-up on your (own) sent message 3. DOXXED! AnonAddy just forwarded your real email address (which is included in your own quoted text from the previous sent email) Isn't there some technical solution to this? E.g., filtering out everything that looks like the actual email address or other identifying information? Should be a trivial regex, but so much pain saved?
kerem closed this issue 2026-03-14 10:24:01 +03:00
kerem commented 2026-03-14 10:24:07 +03:00
Author
Owner
Copy link

@willbrowningme commented on GitHub (Jul 7, 2021):

I think this depends on the email client you are using, when I do this in Thunderbird it show's as:

On 07/07/2021 10:16, Will wrote:

quoted email...

So it does not expose the real email.

What client / web app are you using for your email?

Yes it should be possible to remove any mention of the real email from the message body.

<!-- gh-comment-id:875413935 --> @willbrowningme commented on GitHub (Jul 7, 2021): I think this depends on the email client you are using, when I do this in Thunderbird it show's as: On 07/07/2021 10:16, Will wrote: > quoted email... So it does not expose the real email. What client / web app are you using for your email? Yes it should be possible to remove any mention of the real email from the message body.
kerem commented 2026-03-14 10:24:12 +03:00
Author
Owner
Copy link

@xanoni commented on GitHub (Jul 7, 2021):

What client / web app are you using for your email?

I think this is how most popular webmail clients handle it (Gmail, Live.com, Protonmail, etc.) and probably even Thunderbird if you don't specify a name.

<!-- gh-comment-id:875964666 --> @xanoni commented on GitHub (Jul 7, 2021): > What client / web app are you using for your email? I think this is how most popular webmail clients handle it (Gmail, Live.com, Protonmail, etc.) and probably even Thunderbird if you don't specify a name.
kerem commented 2026-03-14 10:24:17 +03:00
Author
Owner
Copy link

@xanoni commented on GitHub (Jul 13, 2021):

@willbrowningme curious how you think about next steps here ... as far as I know, most webmail providers don't allow users to sanitize the "From" strings... let me know if you figure out how...

Is this something that you're planning to fix in AA directly any time soon, or should I try to find my own solution?

If the latter, then I would likely write a browser extension that strips out pre-defined regex patterns. But it's a hack, so would be better to have AA do it directly.

(This is somewhat time sensitive to me, given that I don't want more "accidents" to happen..... ticking time bomb)

<!-- gh-comment-id:879387695 --> @xanoni commented on GitHub (Jul 13, 2021): @willbrowningme curious how you think about next steps here ... as far as I know, most webmail providers don't allow users to sanitize the "From" strings... let me know if you figure out how... Is this something that you're planning to fix in AA directly any time soon, or should I try to find my own solution? If the latter, then I would likely write a browser extension that strips out pre-defined regex patterns. But it's a hack, so would be better to have AA do it directly. (This is somewhat time sensitive to me, given that I don't want more "accidents" to happen..... ticking time bomb)
kerem commented 2026-03-14 10:24:22 +03:00
Author
Owner
Copy link

@xanoni commented on GitHub (Jul 16, 2021):

Hi x,

Thank you for contacting us.

Please note that the only way to customize the original text that is shown when replying to a message is to do it manually for the particular message.

Let us know if you have any questions.

Best Regards,
The ProtonMail Team

<!-- gh-comment-id:881186383 --> @xanoni commented on GitHub (Jul 16, 2021): > Hi x, > > Thank you for contacting us. > > Please note that the only way to customize the original text that is shown when replying to a message is to do it manually for the particular message. > > Let us know if you have any questions. > > Best Regards, > The ProtonMail Team
kerem commented 2026-03-14 10:24:28 +03:00
Author
Owner
Copy link

@willbrowningme commented on GitHub (Jul 16, 2021):

I've just implemented this using a simple str_ireplace() please try it again now by replying to yourself to check.

Notes:

  • It will only remove the real email address that your are sending the reply/send from and not any of your other real recipient addresses
  • It is case insensitive
  • It will remove multiple mentions of the real email address
<!-- gh-comment-id:881520044 --> @willbrowningme commented on GitHub (Jul 16, 2021): I've just implemented this using a simple `str_ireplace()` please try it again now by replying to yourself to check. Notes: - It will only remove the real email address that your are sending the reply/send from and not any of your other real recipient addresses - It is case insensitive - It will remove multiple mentions of the real email address
kerem commented 2026-03-14 10:24:33 +03:00
Author
Owner
Copy link

@xanoni commented on GitHub (Jul 17, 2021):

THANK YOU! Will test.

EDIT: misread initially so deleted part of my message

In the end state, would it be possible to have a box in the settings where we can define our own patterns? There's other stuff we may want to remove.

<!-- gh-comment-id:881810634 --> @xanoni commented on GitHub (Jul 17, 2021): THANK YOU! Will test. EDIT: misread initially so deleted part of my message In the end state, would it be possible to have a box in the settings where we can define our own patterns? There's other stuff we may want to remove.
kerem commented 2026-03-14 10:24:38 +03:00
Author
Owner
Copy link

@xanoni commented on GitHub (Jul 17, 2021):

@willbrowningme seems to be working! however, people should note that it only deletes the email address, not the name before the email address .. so that still has to be sanitized manually, if desired

<!-- gh-comment-id:881889210 --> @xanoni commented on GitHub (Jul 17, 2021): @willbrowningme seems to be working! however, people should note that it only deletes the email address, not the name before the email address .. so that still has to be sanitized manually, if desired
kerem commented 2026-03-14 10:24:43 +03:00
Author
Owner
Copy link

@willbrowningme commented on GitHub (Jul 19, 2021):

Yes potentially an option to remove user set patterns, I'll do some more tests when I get time.

<!-- gh-comment-id:882350051 --> @willbrowningme commented on GitHub (Jul 19, 2021): Yes potentially an option to remove user set patterns, I'll do some more tests when I get time.
kerem commented 2026-03-14 10:24:48 +03:00
Author
Owner
Copy link

@xanoni commented on GitHub (Jul 19, 2021):

Got it, thank you.

<!-- gh-comment-id:882804095 --> @xanoni commented on GitHub (Jul 19, 2021): Got it, thank you.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
v1.5.0
v1.4.1
v1.4.0
v1.3.8
v1.3.7
v1.3.6
v1.3.5
v1.3.4
v1.3.3
v1.3.2
v1.3.1
v1.3.0
v1.2.3
v1.2.2
v1.2.1
v1.2.0
v1.1.0
v1.0.9
v1.0.8
v1.0.7
v1.0.6
v1.0.5
v1.0.4
v1.0.3
v1.0.2
v1.0.1
v1.0.0
v0.14.1
v0.14.0
v0.13.13
v0.13.12
v0.13.11
v0.13.10
v0.13.9
v0.13.8
v0.13.7
v0.13.6
v0.13.5
v0.13.4
v0.13.3
v0.13.2
v0.13.1
v0.13.0
v0.12.3
v0.12.2
v0.12.1
v0.12.0
v0.11.2
v0.11.1
v0.11.0
v0.10.1
v0.10.0
v0.9.1
v0.9.0
v0.8.10
v0.8.9
v0.8.8
v0.8.7
v0.8.6
v0.8.5
v0.8.4
v0.8.3
v0.8.2
v0.8.1
v0.8.0
v0.7.5
v0.7.4
v0.7.3
v0.7.2
v0.7.1
v0.7.0
v0.6.2
v0.6.1
v0.6.0
v0.5.0
v0.4.0
v0.3.0
v0.2.13
v0.2.12
v0.2.11
v0.2.10
v0.2.9
v0.2.8
v0.2.7
v0.2.6
v0.2.5
v0.2.4
v0.2.3
v0.2.2
v0.2.1
v0.2.0
v0.1.6
v0.1.5
v0.1.4
v0.1.3
v0.1.2
v0.1.1
v0.1.0
Labels
Clear labels   
bug

   
pull-request

Mirrored from GitHub Pull Request

No labels
bug
pull-request
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/anonaddy#732
No description provided.