Skip to content

Update spam/security response #125

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -638,11 +638,11 @@ Some caseworking design patterns from when Chris from Home Office used to run a

### Does the Design System encourage scam sites?

> Sorry you've received that, spam and scam emails are always concerning. In government we do keep an eye out for scam sites and take them down. If you'd like to report one, you can use this link:
> Thanks for letting us know of your concern about the Design System site being public. This is by design. As it is for most projects at GDS, we [work in the open](https://gds.blog.gov.uk/2017/09/04/the-benefits-of-coding-in-the-open/), which brings many benefits. Particularly for us, working in the open is critical for collaborating with the many government organisations who use our components. It also helps us share best practices not just within government but with everyone.
>
> https://www.gov.uk/report-suspicious-emails-websites-phishing
>
> As for this repo, unfortunately if people want to run a scam, it's already fairly easy to copy and paste code from any website in order to impersonate it.
> Scammers can already easily create fraudulent websites by accessing any website and scraping the code of the web pages sent to their browser to create a lookalike. The Design System being private would not prevent a scammer from creating a fraudulent site. If you do notice a particular website impersonating a Government service, we encourage you to report it using this link: https://www.gov.uk/report-suspicious-emails-websites-phishing
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@owenatgov I think that's in this paragraph that you were proposing to add extra details about security like monitoring GDS has in place for scam sites and policies like sites being hosted on service.gov.uk. Feel free to add a proposal for how you'd phrase this 😊

>
> It's also worth noting that our components and patterns don't have any security sensitivity: they're about foundational features (like setting the typography of the pages or implementing form fields accessibly) rather than processing and storing users' or organisations' data.

### Marketing emails or other spam not requiring a response

Expand Down