[wp-trac] [WordPress Trac] #40081: Remove wp-admin links from all Core emails
WordPress Trac
noreply at wordpress.org
Tue Jul 15 09:36:21 UTC 2025
#40081: Remove wp-admin links from all Core emails
-------------------------+------------------------------
Reporter: iandunn | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Mail | Version:
Severity: minor | Resolution:
Keywords: 2nd-opinion | Focuses: administration
-------------------------+------------------------------
Changes (by SirLouen):
* keywords: => 2nd-opinion
* type: defect (bug) => enhancement
* severity: normal => minor
Comment:
`URI_WPADMIN` was introduced in SpamAssassin mostly to hinder pishing
attempts. So I totally agree with @iandunn with the fact that we should
avoid any `wp-admin` URLs at all costs, regardless of the current filter
(in fact given that we have identified that the filter is only affecting
to network sites, this should be actually reported to SpamAssassin to
improve their attempts to stop this).
About the `PHP_ORIG_SCRIPT` this is not applying any more for most of the
modern configurations and local MTA. See related examples in #39709 of not
applying this with the provided emails (that used to trigger this
according to your report). Although this is being triggered by `X-PHP-
Script` and `X-PHP-Originating-Script` and I can't really see any of them
in your sample emails nor, they weren't triggered by postmark API when I
copied the raw email. Not sure why they got triggered back in the day
I'm going to do a little audit on all the emails being sent atm to see
which could be potentially flagged/are mistakenly using `wp-admin` (in
your sample, you were sending this emails from a MS config, hence the
`network` thing for the pattern).
--
Ticket URL: <https://core.trac.wordpress.org/ticket/40081#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list