[Mailman-Users] This is unixstuff warning

JT luser at ahab.com
Thu Jun 14 20:51:06 CEST 2001 

On Thu, Jun 14, 2001 at 11:04:00AM -0700, Chuq Von Rospach wrote:
[snip]
> A small percentage. maybe 1/2 of 1%. The problem is that their hassle 
> factor is way out of proportion to their numbers.

Agreed.

[snip]
> >  Try working a cash
> > register for a couple months and you'll see how true this is.
> 
> or a telephone as a support person.

*shudder* I was trying not to remember that one.

[snip]
> > 	2) Simplify the 'unsubscribe' option for people who've forgotten
> > 	the passwords
> 
> One of the things I'm working on is creating a one-click unsubscribe for 
> my systems. It'll encode enough user information in the URL to be able 
> to auto-search for the user and bring that user record up on the web 
> page; and also extend the email side to use the plus notation 
> (unsubscribe+userdata at applenews.lists.apple.com) to pre-encode that as 
> well, and get away from trying to use the From: line on email unsubs, 
> since that's bogus on 5-7% of the email requests I see these days, 
> thanks to hotmail, yahoo, corporate naming systems and people's wide use 
> of .forwards...

Woohoo!  This is better.  Ultimately, anything harder than "click here
to unsubscribe" isn't taking that extra step for the user.

> 
> and passwords on unsubs are silly (sorry, Barry). Users who want to 
> unsubscribe want off. they don't want to play games, they just want to 
> leave. I have, in the last decade, seen ONE instance of forged unsubs on 
> my mail lists, and that was a guy who was trying to make a point and so 
> unsubsribed me from my own lists. Let's just say he didn't appreciate 
> the response.

I see both sides to that one, actually.  It is, of course, far more
interesting to annoy people by *subscribing* them to lists than
unsubscribing them (easy enough on corporate sites, if not Mailman
ones ;-), but still don't want it done to me - most users won't have
the time or information to bother making the forger un-appreciate his
action.

There must be some way of doing this relatively low-impact and safe,
like sending out a crypt of a piece of private user info.  Of course,
this means customized emails for each user, which is not zero-impact,
but...

	1) Don't provide an unsubscribe link
	2) Accept the possibility of spoofing
	3) Accept higher delivery costs (customized mail)

The current flavor is 1), which does entail more work for users and
admins...  Geez, I'd better shut up before I find any more cats to
bell.

More information about the Mailman-Users mailing list