Is anyone working on extending VERP-like features to allow for true one-click unsubscribe?
Right now, it's at least three-click, plus waiting for the confirmation to arrive. We'd really like to include a link in each message that will allow them to very easily get off our list.
On a related note, if we were to send HTML email (I know, I know), will variables be expanded in the text we submit so that we could create links that will be different for each user? So that, say with the current capabilities, we could have something like
<A HREF=http://mailman.nccom.com/mailman/options/kxt/%(member-address)s>Click here to manage your subscription</A>
On Wed, 2004-01-28 at 19:01, Jim Gottlieb wrote:
Is anyone working on extending VERP-like features to allow for true one-click unsubscribe?
When you say "VERP-like" I think you mean more along the lines of a mail-merge or content personalization feature. I try to use the term "VERP" to mean header, and particularly envelope sender techniques.
Right now, it's at least three-click, plus waiting for the confirmation to arrive. We'd really like to include a link in each message that will allow them to very easily get off our list.
You have to do this in an unguessable way, otherwise, attackers can simply unsubscribe anybody they want from a mailing list.
On a related note, if we were to send HTML email (I know, I know), will variables be expanded in the text we submit so that we could create links that will be different for each user? So that, say with the current capabilities, we could have something like
<A HREF=http://mailman.nccom.com/mailman/options/kxt/%(member-address)s>Click here to manage your subscription</A>
Not in Mailman 2.1. I know how to do this, and have proof-of-concept code working for Mailman 3. It requires Python 2.3 features, and will look something like this:
http://lists.example.com/mailman/unsub/${mm:unsub_token}
I believe I have a way to limit, based on list configuration, such "$mm:" substitutions to the headers and footers, or to allow such substitutions to occur anywhere in the message text (headers, body, and MIME attachments included). Such substitutions would run at about the speed of Python's string interpolation operator (read: much faster than what Mailman 2.1 does).
-Barry
On 2004-01-29 at 00:23, Barry Warsaw (barry@python.org) wrote:
When you say "VERP-like" I think you mean more along the lines of a mail-merge or content personalization feature.
What I meant was using a string including a random number, like what is done for confirmations. It's not really related to VERP. That was a poor choice of words.
You have to do this in an unguessable way, otherwise, attackers can simply unsubscribe anybody they want from a mailing list.
Right. That's what I was talking about.
I believe I have a way to limit, based on list configuration, such "$mm:" substitutions to the headers and footers, or to allow such substitutions to occur anywhere in the message text (headers, body, and MIME attachments included).
That sounds encouraging.
participants (2)
-
Barry Warsaw -
Jim Gottlieb