https://wiki.au.baesystems.com/display/SSD/MLB+-+Melbourne+Bourke+Street

Security Requirements: Physical

Physical Security Zone - Definitions

Extract: Australian Government Protective Security Principles Framework 16 Entity Facilities

link did no work.

https://www.protectivesecurity.gov.au/physical/entity-facilities/Pages/default.aspx#b2

Page not found .......

We were able to at least hide large groups from the share menu with this css. You can use the group name and/or the mail address itself. Maybe it helps someone.

.aui-dropdown li:has(span[title="MyLargeGroup"]) { display: none; } 
.aui-dropdown li:has(span[title="largegroup@company.com"]) { display: none; } 

But we have to do it for every large group, and there is no guarantee to have included every single one at all times. So a limit function depending on group size would be very helpful.

This bit us again recently.

1. A page share was sent to our entire company (ouch)
2. 2000+ new users accessed Confluence for the first time
3. The whole Confluence instance went read-only because it exceeded the license limit

Would at least appreciate an option to disable page sharing without breaking access to the tiny link. May be possible to do this by hacking the CSS/JavaScript?

Perhaps the best way to do this can be documented as a work-around please?

The status of the ticket seems to be 'needs verification'. I can verify that groups, eg confluence-users, can have tens of thousands of members. I can verify that a stupid user can share a page with such a group. I can verify that the resulting spam storm is not funny.

A improvement or configuration for the "Share with Group" would be nice. I commented on ticket CONF-29961.
https://jira.atlassian.com/browse/CONF-29961?focusedCommentId=892882&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-892882.

After upgrading to 5.8.17, we see that there is now a 'share' button in the upper right corner of the preview view which manifests the same problems in regard to groups, so I want to be sure it gets noted in this issue. It is available if you have disabled the 'Share Page' plugin disabled. There is another issue with this button as well – it seems to be available even to anonymous viewers. So, a world-readable page containing an image can expose all your users and groups to the world at large.

My vote for #2. It would be awesome if we can provide the list of some groups or email addresses that no one could send email from Confluence by configuring it in some sort of way. Don't know the best place though.

Thanks for addressing this issue.
Expanding a bit on my comment to 22430 –
What would be best, from our perspective, would be to have a set of options available, e.g.:
1. option to disable mail to Confluence groups completely.
2. option to have mail to Confluence groups enabled, but with a configurable black list consisting of groups which should never appear in any mail-to option or operation
3. similar to 2 – configurable size trigger – disable emailing to Confluence groups with membership greater than size n
4. option to have Confluence ignore group names in the autocomplete
5. option to restrict emailing such that only those who can view the page can be emailed.

Regarding 2 and 3, note that it is not only large groups that we – and, I suspect, others – would need or wish to exclude.
Regarding entering of random emai addresses, if someone enters the address of a non-Confluence mailing list, that's probably ok from a spam perspective – the central mail server should take care of filtering those appropriately, but it's still a problem in that, for those group email addresses that are allowed through, a significant number of people may receive email pointing them at a Confluence resource to which they do or should not have access. We need to have email go only to individual Confluence users for whom we have an email address or to Confluence groups, subject to the constraints listed above.