Page 1 of 1

Sender IP included in contact email

Posted: Tue Mar 28, 2006 9:25 am
by Kampp
I would like to be able to know who is spamming me and thereby be able to block spam engines/persons through the 3pd components. But I need the IP!
Adding a paramater in the backend of the contact "core component" that controles if the IP should be send with the email or not would be enough. Please please consider this...

It has been talked about here: http://forum.joomla.org/index.php/topic,18940.0.html

Re: Sender IP included in contact email

Posted: Tue Jul 04, 2006 7:00 pm
by gandalfdk
I am looking for the same solution....

/Gandalfdk

Re: Sender IP included in contact email

Posted: Wed Jul 05, 2006 2:58 pm
by diri
Legal issues are involved with storing IP addresses. Publishing without being allowed to do it is illegal in many countries.

cu, diri

Re: Sender IP included in contact email

Posted: Wed Jul 05, 2006 3:04 pm
by Kampp
There is not storing of the IP, it's grabed when sending an email through the contact form. About publishing it I don't know - it's only the administrator that gets it.

Re: Sender IP included in contact email

Posted: Wed Jul 05, 2006 3:15 pm
by diri
When it's related to contacts each contact getting an email knows about sender's IP. Are you able to ensure it's always only administrator?

Even this would be problematic because automatic storing (an email being send with those date is storing) of personal data without agreement is problematic in high degree. Even here in forum IP is stored which is problematic as well.

Re: Sender IP included in contact email

Posted: Wed Jul 05, 2006 3:50 pm
by Kampp
I know everyone that can be contacted through the Joomla standard contact component. Why would I not?

And even if it was a problem it could be switched of as it is a param pr. person just like the email is now.

Re: Sender IP included in contact email

Posted: Wed Jul 05, 2006 4:45 pm
by diri
I fear to not have been clear enough.

To give you an example about protection of privacy in Germany:

In case a user somehow gets knowledge about storing his IP without his explicit acknowledgement he can successfull sue person being in charge for website because binding IP to personal data is forbidden. When storing web longs for longer time one must do some anonymizing to ensure to not have chance to combine private data with information from logs.

How many site-ops do you want to fall into this trap?

Re: Sender IP included in contact email

Posted: Wed Jul 05, 2006 4:54 pm
by Kampp
Interesting law... How do you solve the problems of google saving sites visited by IP's?

The intent was to block spammers.
For me it seems logical that if a person is willing to spam they also accept being blocked and IP used.

In Denmark we do not in any way have a law on IP's of the sole reason that it can be dynamic and faked.
We on the other hand have laws against spammers.

I can see the problem, but if it it was implemented in the core contact people can use it or not. Perhaps also being able to show a text called something like "Your IP is forwarded with the mail but not saved in any other way"...

Re: Sender IP included in contact email

Posted: Wed Jul 05, 2006 5:11 pm
by diri
It's not only an interesting law ... you can increase your fun:

Be an ISP and provide call-by-call access.

You're allowed to store data needed for billing for some months (AFAIR six months). Afterwards you need some anonymizer. Now the fun begins: To help police you must store connection data longer than a year ... . Some years ago in managing position at an ISP I had long discussions with people from BKA (Bundeskriminalamt) about this subject.

I understood your intend very well but, it's dangerous doing it the way mentioned in several countries. It is a trap where many site-ops could be caught only for running a forum software which shows that IP is stored. On sites being maintained by me such a message is deleted in code to be sure to not to push a customer into this trap.

I'm not shure about Denmark and it's privacy related laws. Over here I don't take any risk for this. There are other things available to be friendly to a spammer.  8)

Re: Sender IP included in contact email

Posted: Wed Jul 05, 2006 5:26 pm
by Kampp
I truly find it amazing that the IP can be that holy.

How can there be a law that states that if a person is emailing you, then you are not allowed to "know" the persons IP (I can't imagine that there is a difference in know/remembering the IP, having it on paper,or electronic send with the email).

Since the IP can be a new one the second after they send the email I might just ass well have guessed one - and thats not illegal.

Then you can't even use Joomlaboard... how do you survive  ;D

Even this forum says "Your IP address is shown only to you and moderators. Remember that this information is not identifying, and that most IPs change periodically." when clicking your own IP on the right. Also I should state that before I clicked post I was not promted with a message that said my IP would be logged.

Re: Sender IP included in contact email

Posted: Wed Jul 05, 2006 6:06 pm
by diri
Kampp wrote: I truly find it amazing that the IP can be that holy.
It isn't that astonishing. Sure, it can be faked and change at some time but, have a closer look at it:
A person using always same line will have one of IP addresses. With some work done (which pool belongs to which regional area) you can almost exactly say where this person lives. This is possible even one is using net of German Telekom with several millions of users all over the country.

That's the reason why synchronizing personal data with such things like IP address is forbidden.
Kampp wrote: How can there be a law that states that if a person is emailing you, then you are not allowed to "know" the persons IP (I can't imagine that there is a difference in know/remembering the IP, having it on paper,or electronic send with the email).
That's another pair of shoes. When I tell you my IP it's my wish.
Kampp wrote: Since the IP can be a new one the second after they send the email I might just ass well have guessed one - and thats not illegal.
In theory it will change that fast, in practice - No. I.e. mine should change once per day as maximum when all works well.
Kampp wrote: Then you can't even use Joomlaboard... how do you survive  ;D
No problem at all. Re-read above posting from me, please. Hint: I know how to use an editor. ;)
Kampp wrote: Even this forum says "Your IP address is shown only to you and moderators. Remember that this information is not identifying, and that most IPs change periodically." when clicking your own IP on the right. Also I should state that before I clicked post I was not promted with a message that said my IP would be logged.
Such usage is illegal over here as long as user doesn't know about it while registering. Therefore we need a long page for legals including privacy disclaimer without JavaScript but plain readable HTML. ;)

Again: Binding IP to personal data is not allowed at some places. Like it or not. As long as nobody sues another one, all is fine. In case somebody has a good lawyer (I know a very good one in Munic) he can sue many site-ops. Not only because of logging IP addresses.  :-\

Re: Sender IP included in contact email

Posted: Wed Jul 05, 2006 7:07 pm
by lib99
Diri -

I agree that this is interesting news you have posted. In essence, those countries forbidding the storage of an IP address have made all SMTP (internet) e-mails illegal since that information is part of the message headers.  At least would be if the recipient chooses not to immediately delete all received e-mail.  :o

Presumeably, logs such as apache or mail server logs are somehow omitted by this?  Do you happen to have a online reference on the topic you could share?  (German or English (preferred) language is acceptable.)  Thanks.

Re: Sender IP included in contact email

Posted: Thu Jul 06, 2006 9:43 am
by diri
Slowly, please. I tried to explain how shizophren situation is. One can imagine how difficult desicions are in this relation.

Excuse my bad english, please, but: Do not understand it wrong.

One must have an explicit acknowledgement to store personal data. The critical part is chance to combine anonymous data with personal data.

Do not mix it with data included in a normal email: One sends an email, he transmits personal data in the very moment. If you don't want to do it this way you can use anonymous mailers.

Similar applies to anonymizers used for serving the internet (JAP, whatever). This and omitting referer breaks a lot online systems when it comes to login and identiyfing the very user. They simply don't work without those data (un-experienced or lazy coders IMNSHO).

Storing data in web logs is common use but, user tracking (a web server with active log does nothing else) is critical when there is chance to bind anonymous data to a person.

To make it more crazy:
Run a site. You are responsible for all items being published at this site. Now, run a forum. You are also kind of responsible for content of other sites when external links are published at your site (one of those external sites shows illegal content -> bang, you can come or you are in trouble).

Such items taken together shows that combining anonymous data like an IP with personal data (like data collected at a registration) produces socalled "transparent users". This is forbidden because one could sell his web logs or has access to many web logs and is able to get a complete profile of this very person than.

I have no source for further information at hand but, Google is your friend for sure. "innenminister", "daten" and "speicher" are some ideas for german keywords. There you should also being able to find something related to Deutsche Telekom and storing data about what users do while they are online from spring 2006. In short: Telco is not allowed to store those data, they still do it.  :'(

You should understand that unexperienced site-ops can fall into a trap very fast when there is functionality available and legal in other countries (i.e. encryption is forbidden in some extend in France).

cu, diri

Re: Sender IP included in contact email

Posted: Thu Jul 06, 2006 2:50 pm
by lib99
The world gets smaller and more complicated.  :'(  Thanks for the additional information, I'm compelled to research this further.

Lars

Re: Sender IP included in contact email

Posted: Mon Aug 06, 2007 9:31 am
by Kampp
Administrators can choose to activate it or not. This thread is about having the option to choose. Perhaps a solution is to also be able to show a note to the user that the IP will be emailed with the message.

Normally you can get the IP out of the email header but this is not possible when it's through the contact component. This it what I want to change!

Re: Sender IP included in contact email

Posted: Mon Aug 06, 2007 1:53 pm
by diri
Kampp,

you alway can do whatever you want for yourself.

But:

Do not enforce implementation of a feature which causes real trouble for many people.

Wether there is a switch to de-activate such a feature (default set to off) or such a feature must be private.