Optionally permit notification emails to spoof primary email address of the user who triggered the notification email
Release notes
Problem to solve
Imagine Tan and Uki are working together in a project in their self-managed GitLab instance. Tan posts a comment in an issue. Uki receives a notification email, with a From like: "Tan system@gitlab.example.com" where Tan is the user's Full name and system@gitlab.example.com is the email_reply_to
. If reply by email is enabled, Uki's replies to this notification email are added to the issue. This is fine.
In some environments, security policies prohibit the usage of GitLab's reply by email functionality. In these situations Uki's replies are sent to an email address that can not process them (and may or may not result in a bounce message).
This is a problem because the person replying to the email (Uki) may only rely on the Full name and not notice that the email address does not match the email address of their colleague, Tan. In these situations, replies to the notification emails may not brought to the attention of the sendor or the recipient. This can lead to a situation where Tan is waiting for Uki's reply without realizing that Uki has replied. Uki is now waiting for Tan's response.
Proposal
A customer has let us know that this problem impacts them and they would like to see a solution like this:
- Permit the Administrator to enable a setting like
send_notification_as_user
The send_notification_as_user
setting would be off by default. When turned on, the notification email generated by the comment that Tan posted in the issue has a From like:
From like: "Tan tan@example.com"
instead of like:
From like: "Tan system@gitlab.example.com"
where tan@example.com
is the Primary email address for Tan.
When Uki replies, Tan receives the email in their inbox.
Somewhat related: if the problem to solve is of some interest to you but the proposed solution is not a match, you may find the New setting to disable overriding the email sender's name with the author when sending email notifications issue of interest.
What does success look like, and how can we measure that?
When Tan posts a comment in an issue, Uki receives a notification email that purports to be from the name and email address that Tan uses in their GitLab profile. Replies to that notification email are sent to Tan and the communication that was started in a GitLab issue continues via email.
User experience goal
Improve the flow of communication for users who receive and would like to reply to notification emails in environments where reply by email is not permitted.
Further details
Additional work may be required to encourage one's email infrastructure to deliver these messages properly as they may appear to be forged.
send_notification_as_user
is enabled
When There may be cases where organizations want to make use of send_notification_as_user
and reply by email. For those cases:
When send_notification_as_user
is enabled, the administrator could be given an option for whether email_reply_to
is CCd on the message that is sent. This should permit organizations to make use of send_notification_as_user
and reply by email.