Problem
Email addresses are stored in plain text in src/content/people/*.md and rendered directly into the UI as visible text + mailto: links. This makes them easy for scraping bots to collect.
Evidence
- src/content/people/*.md contains raw emails (e.g. src/content/people/aylin-aydin.md).
- src/components/PersonCard.astro renders entry.data.email directly and sets href="mailto:...".
Risk
- Increased spam/phishing risk for team members.
- Public repository + rendered HTML both expose addresses.
Proposed mitigations (pick one or combine)
- Replace direct emails with contact form links.
- Obfuscate display and link generation client-side (lower protection, but better than plain text).
- Use role-based alias emails instead of personal addresses.
Acceptance criteria
- No plain-text personal email addresses in page source/DOM.
- No direct mailto: with full personal addresses in public pages.
- Team agrees on a contact method fallback (form or aliases).
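
One way to enforce the first two acceptance criteria in CI, as an added example that is not part of the original issue or the project's code. It scans built HTML for personal addresses, including entity- or percent-encoded ones that a browser would decode into the DOM. The allowlist `ROLE_ALIASES`, the `example.org` addresses, the script name `check-emails.js` and the `dist` output directory are assumptions.

```javascript
// Added example: build-time check that no personal address reaches the rendered pages.
const ROLE_ALIASES = new Set(['contact@example.org']); // hypothetical allowlist, constructed value
const EMAIL_RE = /[a-z0-9._%+-]+@[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}/gi;
const ASSET_EXT = /\.(png|jpe?g|gif|svg|webp|avif)$/i; // skips names like logo@2x.png
const cp = (n) => (n <= 0x10ffff ? String.fromCodePoint(n) : '');

// Undo the encodings a browser undoes, so encoded addresses are caught as well as literal ones.
function decode(html) {
  return html
    .replace(/&#x([0-9a-f]+);/gi, (_, h) => cp(parseInt(h, 16)))
    .replace(/&#(\d+);/g, (_, d) => cp(Number(d)))
    .replace(/&commat;/g, '@').replace(/%40/gi, '@');
}

// Returns one finding per distinct non-allowlisted address; mailto marks use in a mailto: link.
function findEmailLeaks(html, allowed = ROLE_ALIASES) {
  const text = decode(html);
  const inMailto = new Set();
  for (const m of text.matchAll(/mailto:([^"'?\s>]+)/gi)) {
    for (const a of m[1].match(EMAIL_RE) || []) inMailto.add(a.toLowerCase());
  }
  const findings = new Map();
  for (const a of text.match(EMAIL_RE) || []) {
    const addr = a.toLowerCase();
    if (allowed.has(addr) || ASSET_EXT.test(addr)) continue;
    findings.set(addr, { address: addr, mailto: inMailto.has(addr) });
  }
  return [...findings.values()];
}

// Walk a build directory and check every .html file in it.
async function scanDir(dir) {
  const fs = await import('node:fs');
  const report = [];
  const walk = (d) => {
    for (const e of fs.readdirSync(d, { withFileTypes: true })) {
      const p = `${d}/${e.name}`;
      if (e.isDirectory()) walk(p);
      else if (p.endsWith('.html'))
        findEmailLeaks(fs.readFileSync(p, 'utf8')).forEach((f) => report.push({ file: p, ...f }));
    }
  };
  walk(dir);
  return report;
}

// CLI: node check-emails.js --scan dist  (exits non-zero on any finding)
if (process.argv[2] === '--scan')
  scanDir(process.argv[3] || 'dist').then((r) => { console.error(r); process.exitCode = r.length ? 1 : 0; });
```

The check covers rendered output only; addresses that remain in `src/content/people/*.md` in a public repository need a separate check on the source files.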