Will Brubaker
(@willthewebmechanic)
Automattic Happiness Engineer
Is it a plugin that you downloaded from the public repository here on wordpress.org ? If so, which plugin?
Yes, I installed it on a test site from the add new plugins page. The plugin is ShareThis or Share This. I’m in the habit of not giving plugins my email, so I’m pretty sure they harvested it from my account. I’d deleted the plugin as it wasn’t meeting my needs before receiving the email spam.
Please post this topic in the ShareThis support forum.
I didn’t want to mention it out in the open at all, my hope was there were proper channels to report it, because my thought was that it might be breaking a policy for hosting a plugin through wordpress.org. The other plugin doing it is Shareaholic.
Going to the support forums now.
Andrew Nevins
(@anevins)
WCLDN 2018 Contributor | Volunteer support
You can report it to plugins@wordpress.org
Hi All,
When the plugin is first installed, it directly sends a one-time notification email to the admin of the WordPress install with a link to customer support, etc. The email is designed to help the user get started.
The email is handled similar to how WordPress now sends a notification email when automatic/background upgrades are done. ie. WordPress does not harvest email addresses and neither does Shareaholic. WordPress or the plugin directly sends the email.
Related: http://wordpress.org/support/topic/are-you-pulling-admins-emails-from-their-wordpress-installs