Enable omission of message snippets in email notifications
For organizations with advanced compliance requirements, this feature should enable a System Administrator to omit the inclusion of message contents in email notifications.
This setting is available in E20: https://docs.mattermost.com/administration/config-settings.html#enable-notification-contents.
My current solution to this (on a non-enterprise install) is to set "Notifications > Enable Email Notifications" to "false" in the System Console. Absurd but the only secure option.
Markus Häll commented
any update on this?
as this is a big problem for gdpr in eu
Is there any way that this feature could be made available to E10 or the CE? As other users have mentioned, sending the full message content in emails completely invalidates the security benefits of Mattermost. As a result, system admins need to choose between completely disabling emails or losing the security benefits of the system.
At minimum, it would be great if there were an option to disable email notifications but still permit email user registration.
Michael D. commented
This feature is a basic need for every Mattermost platform and from my perspective MANDATORY to be compliant with GDPR.
You either have to forbid users to write about any personal data in their mattermost messages or you have to
* disable the email notification completely
* or be able to disable to sent out message contents
* or be able to encrypt the emails.
So, at the moment, all Mattermost team instances in the EU violate GDPR in the standard configuration. You can not disable to sent out message contents. You just can disable email notifications completly, but then your users will see a "Preview mode" warning.
As I understand there is a feature in the Enterprise version to disable contents. I propose to move this basic feature in all Mattermost versions and disable to sent out contents by default
I have a similar compliance-related idea which might be interesting for those who like/need this feature here as well. While this one here might fit for TE, my idea might be more appropriate for EE.
This one here got my vote anyway, as it is a first step in the right direction.
Agreed that this should be open to community as well. Enterprise isn't the only group concerned about privacy.
Only for Enterprise Edition and both tickets on Atlassian are closed.
Insecure by default is pretty poor form, @mattermost.org
This should be a feature for Team Edition. Security is necessary and needs to be accessible for everyone.
I pointed out the issue on the forum so I absolutely agree on this. This feature really is required