email/default/setpass: don't encourage contact for unsolicited receipt

Nothing can be done to the account without the token in this e-mail,
and any competent malicious actor who does have unauthorised access to
a user's e-mail inbox is also just going to delete the e-mail after
compromising the user's account anyway.

Therefore, it doesn't make sense to encourage the user to reach out to
the network administration.

Also clarify that password reset tokens are now automatically
invalidated by a successful login.

diff --git a/email/default/setpass b/email/default/setpass
index 6b2da5fcced71fe6aadd4ec5c43740eef676b70e..9fb4d18b8698ec5bf9f9ea966fad683c32beb747 100644 (file)
--- a/email/default/setpass
+++ b/email/default/setpass
@@ -6,16 +6,15 @@ Date: &date&
 
 &accountname&,
 
-Someone has requested that the password on your account be recovered,
-and sent to the e-mail address on file.  If you did not request this
-change, please let us know immediately, as it may be an attempt to
-compromise your account.
+Someone has requested that the password on your account be reset, with a
+token sent to the e-mail address on file for your account.
 
-In order to set a new password, you must send the following command
-on IRC, where <password> is the new password you wish to set.
+If you did not request this, please feel free to ignore this message, as
+no action can be taken on your account without the token in this e-mail.
+This token will also be automatically invalidated the next time you log
+into your account.
 
-/msg &nicksvs& SETPASS &accountname& &param& <password>
+In order to set a new password, you must send the following command on
+IRC, where <password> is the new password you wish to set:
 
---
-If this message is unsolicited, please contact &replyto&
-with a full copy.
+/msg &nicksvs& SETPASS &accountname& &param& <password>