bug#46472: Make lisp/mail/uce.el obsolete

[Stefan Kangas <stefan@marxist.se>]

Eli Zaretskii <eliz@gnu.org> writes:

> The method of "recommendation" you propose is too strong for my
> palate, sorry.  In general, I believe that people should be left to
> their devices unless what they do causes harm to others.
> Second-guessing other people under the assumption that we know better
> is something I don't like doing, and don't like others doing to me.
>
> How about adding some warnings to uce.el instead, either in the
> commentary or when the main entry point is invoked for the first time
> in a session?

Is this okay for emacs-28?

diff --git a/lisp/mail/uce.el b/lisp/mail/uce.el
index b07004de38..611181ca61 100644
--- a/lisp/mail/uce.el
+++ b/lisp/mail/uce.el
@@ -24,11 +24,53 @@
 ;;; Commentary:

 ;; The code in this file provides a semi-automatic means of replying
-;; to unsolicited commercial email (UCE) you might get.  Currently, it
-;; only works with Rmail and Gnus.  If you would like to make it work
-;; with other mail readers, see the mail-client dependent section of
-;; uce-reply-to-uce.  Please let me know about your changes so I can
-;; incorporate them.  I'd appreciate it.
+;; to unsolicited commercial email (UCE) you might get.
+
+;; -- !!! NOTE !!! --------------------------------------------
+;;
+;; Replying to spam is at best pointless, but most likely actively
+;; harmful.
+;;
+;; - You will confirm that your email address is valid, thus ensuring
+;;   you get more spam.  Spammers use tricks like getting you to reply
+;;   and/or clicking unsubscribe links, etc. to confirm that you
+;;   should stay on their lists.
+;;
+;; - You will leak information (e.g. on your email server and setup),
+;;   thus opening yourself up for further attack.  More importantly,
+;;   they are likely to find your IP, thus your physical location (see
+;;   "geolocation"), and by combining that data with your name it
+;;   should be trivial to find e.g. your home address and phone
+;;   number.
+;;
+;; - The sender address is likely fake.  (For example, you might
+;;   unwittingly participate in flooding someones mailbox.  The
+;;   abuse@domain and postmaster@domain is unlikely to be able to act
+;;   on your reply.)
+;;
+;; - You open yourself up to various kinds of social engineering.
+;;   This could be the first in a planned exchange where they will
+;;   attempt to trick you to divulge sensitive information.
+;;
+;; - You confirm that the email landed in your inbox, and not the spam
+;;   folder.  This confirms to them that their current method of
+;;   spamming is useful, and helps them continue.
+;;
+;; - Scammers have been known to threaten, intimidate, and use other
+;;   forms of criminal manipulation.  Be aware that replying to spam
+;;   can lead down a path that you may not want to be on.
+;;
+;; Therefore, we strongly recommend that you do not use this package.
+;; Use a spam filter instead, or just delete the spam.
+;;
+;; If you still want to use it, read on.
+;;
+;; ------------------------------------------------------------
+
+;; Currently, it only works with Rmail and Gnus.  If you would like to
+;; make it work with other mail readers, see the mail-client dependent
+;; section of uce-reply-to-uce.  Please let me know about your changes so
+;; I can incorporate them.  I'd appreciate it.

 ;; The command uce-reply-to-uce, if called when the current message
 ;; buffer is a UCE, will setup a reply *mail* buffer as follows.  It
@@ -204,6 +246,12 @@ uce-subject-line
   "Subject of the message that will be sent in response to a UCE."
   :type 'string)

+(defcustom uce-i-want-to-use-this nil
+  "Non-nil means that you don't want the warning message about this package.
+See `uce-reply-to-uce' for background."
+  :type 'boolean
+  :version "28.1")
+
 ;; End of user options.


@@ -218,7 +266,44 @@ uce-reply-to-uce
   "Compose a reply to unsolicited commercial email (UCE).
 Sets up a reply buffer addressed to: the sender, his postmaster,
 his abuse@ address, and the postmaster of the mail relay used.
-You might need to set `uce-mail-reader' before using this."
+You might need to set `uce-mail-reader' before using this.
+
+-- !!! NOTE !!! --------------------------------------------
+
+Replying to spam is at best pointless, but most likely actively
+harmful.
+
+- You will confirm that your email address is valid, thus ensuring
+  you get more spam.  Spammers use tricks like getting you to reply
+  and/or clicking unsubscribe links, etc. to confirm that you
+  should stay on their lists.
+
+- You will leak information (e.g. on your email server and setup),
+  thus opening yourself up for further attack.  More importantly,
+  they are likely to find your IP, thus your physical location (see
+  \"geolocation\"), and by combining that data with your name it
+  should be trivial to find e.g. your home address and phone
+  number.
+
+- The sender address is likely fake.  (For example, you might
+  unwittingly participate in flooding someones mailbox.  The
+  abuse@domain and postmaster@domain is unlikely to be able to act
+  on your reply.)
+
+- You open yourself up to various kinds of social engineering.
+  This could be the first in a planned exchange where they will
+  attempt to trick you to divulge sensitive information.
+
+- You confirm that the email landed in your inbox, and not the spam
+  folder.  This confirms to them that their current method of
+  spamming is useful, and helps them continue.
+
+- Scammers have been known to threaten, intimidate, and use other
+  forms of criminal manipulation.  Be aware that replying to spam
+  can lead down a path that you may not want to be on.
+
+Therefore, we strongly recommend that you do not use this package.
+Use a spam filter instead, or just delete the spam."
   (interactive)
   ;; Start of mail-client dependent section.
   (let ((message-buffer
@@ -358,7 +443,49 @@ uce-reply-to-uce
       ;; Run hooks before we leave buffer for editing.  Reasonable usage
       ;; might be to set up special key bindings, replace standard
       ;; functions in mail-mode, etc.
-      (run-hooks 'mail-setup-hook 'uce-setup-hook))))
+      (run-hooks 'mail-setup-hook 'uce-setup-hook)))
+  (unless uce-i-want-to-use-this
+    (pop-to-buffer (get-buffer-create "uce-reply-to-uce warning"))
+    (insert "-- !!! NOTE !!! --------------------------------------------
+
+Replying to spam is at best pointless, but most likely actively
+harmful.
+
+- You will confirm that your email address is valid, thus ensuring
+  you get more spam.  Spammers use tricks like getting you to reply
+  and/or clicking unsubscribe links, etc. to confirm that you
+  should stay on their lists.
+
+- You will leak information (e.g. on your email server and setup),
+  thus opening yourself up for further attack.  More importantly,
+  they are likely to find your IP, thus your physical location (see
+  \"geolocation\"), and by combining that data with your name it
+  should be trivial to find e.g. your home address and phone
+  number.
+
+- The sender address is likely fake.  (For example, you might
+  unwittingly participate in flooding someones mailbox.  The
+  abuse@domain and postmaster@domain is unlikely to be able to act
+  on your reply.)
+
+- You open yourself up to various kinds of social engineering.
+  This could be the first in a planned exchange where they will
+  attempt to trick you to divulge sensitive information.
+
+- You confirm that the email landed in your inbox, and not the spam
+  folder.  This confirms to them that their current method of
+  spamming is useful, and helps them continue.
+
+- Scammers have been known to threaten, intimidate, and use other
+  forms of criminal manipulation.  Be aware that replying to spam
+  can lead down a path that you may not want to be on.
+
+Therefore, we strongly recommend that you do not use this package.
+Use a spam filter instead, or just delete the spam.
+
+Customize the variable `uce-i-want-to-use-this' if you do not
+want to see this message.
+")))

 (defun uce-insert-ranting (&optional _ignored)
   "Insert text of the usual reply to UCE into current buffer."