From 0951666cbb577fec1891209f108610fc015cff4c Mon Sep 17 00:00:00 2001
From: James Rowan <james.rowan13@gmail.com>
Date: Wed, 5 Jul 2017 13:02:02 -0400
Subject: [PATCH] emails: Confirmation emails should come from the NOREPLY
 address.

This prevents users from accidentally sending a confirmation link
specific to their account to their Zulip administrator if they reply
to the invitation, invitation reminder, account confirmation, or new
email confirmation emails.
---
 zerver/lib/actions.py             | 4 ++--
 zerver/views/registration.py      | 2 +-
 zerver/worker/queue_processors.py | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/zerver/lib/actions.py b/zerver/lib/actions.py
index 7ef433acb3..127cd28711 100644
--- a/zerver/lib/actions.py
+++ b/zerver/lib/actions.py
@@ -640,7 +640,7 @@ def do_start_email_change_process(user_profile, new_email):
     activation_url = EmailChangeConfirmation.objects.get_link_for_object(obj, host=user_profile.realm.host)
     context = {'realm': user_profile.realm, 'old_email': old_email, 'new_email': new_email,
                'activate_url': activation_url}
-    send_email('zerver/emails/confirm_new_email', new_email, from_address=FromAddress.SUPPORT, context=context)
+    send_email('zerver/emails/confirm_new_email', new_email, from_address=FromAddress.NOREPLY, context=context)
 
 def compute_irc_user_fullname(email):
     # type: (NonBinaryStr) -> NonBinaryStr
@@ -3053,7 +3053,7 @@ def do_send_confirmation_email(invitee, referrer, body):
     """
     activation_url = Confirmation.objects.get_link_for_object(invitee, host=referrer.realm.host)
     context = {'referrer': referrer, 'custom_body': body, 'activate_url': activation_url}
-    send_email('zerver/emails/invitation', invitee.email, from_address=FromAddress.SUPPORT, context=context)
+    send_email('zerver/emails/invitation', invitee.email, from_address=FromAddress.NOREPLY, context=context)
 
 def is_inactive(email):
     # type: (Text) -> None
diff --git a/zerver/views/registration.py b/zerver/views/registration.py
index 35fbdcc4b8..056c8c3255 100644
--- a/zerver/views/registration.py
+++ b/zerver/views/registration.py
@@ -313,7 +313,7 @@ def send_registration_completion_email(email, request, realm_creation=False):
     """
     prereg_user = create_preregistration_user(email, request, realm_creation)
     activation_url = Confirmation.objects.get_link_for_object(prereg_user, host=request.get_host())
-    send_email('zerver/emails/confirm_registration', email, from_address=FromAddress.SUPPORT,
+    send_email('zerver/emails/confirm_registration', email, from_address=FromAddress.NOREPLY,
                context={'activate_url': activation_url})
     if settings.DEVELOPMENT and realm_creation:
         request.session['confirmation_key'] = {'confirmation_key': activation_url.split('/')[-1]}
diff --git a/zerver/worker/queue_processors.py b/zerver/worker/queue_processors.py
index 3946177dd1..2476760b41 100644
--- a/zerver/worker/queue_processors.py
+++ b/zerver/worker/queue_processors.py
@@ -180,7 +180,7 @@ class ConfirmationEmailWorker(QueueProcessingWorker):
         send_future_email(
             "zerver/emails/invitation_reminder",
             data["email"],
-            from_address=FromAddress.SUPPORT,
+            from_address=FromAddress.NOREPLY,
             context=context,
             delay=datetime.timedelta(days=2))