Spam received at password recovery email


#1

I received some spam to the email I registered as my Blockstack password recovery email. I didn’t expect that this email would be accessed by those sending spam. I don’t believe this email has been disclosed in any other context.

Is there an obvious explanation or is something unexpected going on here?


#2

This seems unexpected to me. We don’t use email addresses in any way that should disclose them externally.


#3

You could have given an app the permission to use your email address. This is the same as for the reovery.


#4

I suppose that’s possible, though my understanding is that we’ve never actually passed email addresses to developers as part of the email scope. See https://github.com/blockstack/blockstack-browser/issues/1780


#5

Then the issue is not up-to-date. I just managed to retrieve my users email address via scope ‘email’.


#6

Thanks for testing – that’s news to me!


#7

Tried to add email scope but Blockstack after authentication didn’t return the email address. Is there any other way we can get email address ?