Subject: IMPORTANT - %DOMAIN% Matrix Identity Server - Unauthorized 3PID unbind blocked
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="7REaIwWQCioQ6NaBlAQlg8ztbUQj6PKJ"

--7REaIwWQCioQ6NaBlAQlg8ztbUQj6PKJ
Content-Type: text/plain; charset=UTF-8
Content-Disposition: inline

Hi,

**THIS IS IMPORTANT, PLEASE READ CAREFULLY**.
If you are the system administrator of the Matrix installation, read the second section.

This is a notification email that a possibly unauthorized entity has attempted to alter your
3PIDs (email, phone numbers, etc.) settings. The request was denied and no change has been made.

This is so you are aware of a possible failure in case you just tried to remove a 3PID from your account.

If you do not understand this email, please forward it to your System administrator.

-----------

As the system administrator:

If you are using synapse as a Homeserver, this is a known issue related to MSC1194 [1] and abuse of separation of concerns.
As a privacy-centric product and to protect your privacy, the request was actively blocked. We have written a more detailed
explanation on our Privacy wiki page [2] (Direct link [3]) so you can fully grasp the impact for you and your users.

We have open an issue [4] on the synapse repos to reflect the related privacy concerns and GDPR violation(s) and would
appreciate if you could comment on it or simply adds a thumbs up so the concerns are finally dealt with by the synapse dev team.

If you are using another Homeserver or this came following no action from your own users, then you have been the target
of an unbind attack from a rogue entity which was blocked. You may want to check your logs to see the exact source of
the attack and take relevant actions following your policy.

If you would like to disable these notifications, please see the 3PID sessions configuration documentation [5].

Thanks,

%DOMAIN_PRETTY% Admins

---

[1] https://github.com/matrix-org/matrix-doc/issues/1194
[2] https://github.com/kamax-matrix/mxisd/wiki/mxisd-and-your-privacy
[3] https://github.com/kamax-matrix/mxisd/wiki/mxisd-and-your-privacy#msc1194-synapse-and-impacts-on-your-privacy
[4] https://github.com/matrix-org/synapse/issues/4540
[5] https://github.com/kamax-matrix/mxisd/blob/master/docs/threepids/session/session.md#configuration

--7REaIwWQCioQ6NaBlAQlg8ztbUQj6PKJ
Content-Type: multipart/related;
	boundary="M3yzHl5YZehm9v4bAM8sKEdcOoVnRnKR";
	type="text/html"

--M3yzHl5YZehm9v4bAM8sKEdcOoVnRnKR
Content-Type: text/html; charset=UTF-8
Content-Disposition: inline

<!doctype html>
<html lang="en">
    <head>
        <style type="text/css">
body {
    margin: 0px;
}

pre, code {
    word-break: break-word;
    white-space: pre-wrap;
}

#page {
    font-family: 'Open Sans', Helvetica, Arial, Sans-Serif;
    font-color: #454545;
    font-size: 12pt;
    width: 100%%;
    padding: 20px;
}

#inner {
    width: 640px;
}
        </style>
    </head>
    <body>
        <table id="page">
            <tr>
                <td> </td>
                <td id="inner">
<p>Hi,</p>

<p><b>THIS IS IMPORTANT, PLEASE READ CAREFULLY</b>.<br/>
If you are the system administrator of the Matrix installation, read the second section.</p>

<p>This is a notification email that a possibly unauthorized entity has attempted to alter your
   3PIDs (email, phone numbers, etc.) settings. The request was denied and no change has been made.</p>

<p>This is so you are aware of a possible failure in case you just tried to remove a 3PID from your account.</p>

<p>If you do not understand this email, please forward it to your System administrator.</p>

<hr>

<p>As the system administrator:</p>

<p>If you are using synapse as a Homeserver, this is a known issue related to <a href="https://github.com/matrix-org/matrix-doc/issues/1194">MSC1194</a>
   and abuse of separation of concerns. As a privacy-centric product and to protect your privacy, the request was actively
   blocked. We have written a more detailed explanation on our <a href="https://github.com/kamax-matrix/mxisd/wiki/mxisd-and-your-privacy">Privacy wiki page</a>
   (<a href="https://github.com/kamax-matrix/mxisd/wiki/mxisd-and-your-privacy#msc1194-synapse-and-impacts-on-your-privacy">Direct link to section</a>)
   so you can fully grasp the impact for you and your users.</p>

<p>We have open an issue on the synapse repos to reflect the related privacy concerns and GDPR violation(s) and would
   appreciate if you could comment on it or simply adds a thumbs up so the concerns are finally dealt with by the synapse dev team.<br/>
   Issue: <a href="https://github.com/matrix-org/synapse/issues/4540">https://github.com/matrix-org/synapse/issues/4540</a></p>

<p>If you are using another Homeserver or this came following no action from your own users, then you have been the target
   of an unbind attack from a rogue entity which was blocked. You may want to check your logs to see the exact source of
   the attack and take relevant actions following your policy.</p>

<p>If you would like to disable these notifications, please see the
<a href="https://github.com/kamax-matrix/mxisd/blob/master/docs/threepids/session/session.md#configuration">3PID sessions configuration documentation.</a></p>

<p>Thanks,</p>

<p>%DOMAIN_PRETTY% Admins</p>
                </td>
                <td> </td>
            </tr>
        </table>
    </body>
</html>
--M3yzHl5YZehm9v4bAM8sKEdcOoVnRnKR--

--7REaIwWQCioQ6NaBlAQlg8ztbUQj6PKJ--