[Mailman-Users] Allowing users to join without specifying pas swords
Barry A. Warsaw
barry at digicool.com
Fri Jun 15 19:10:14 CEST 2001
>>>>> "NB" == Norbert Bollow <nb at thinkcoach.com> writes:
>> I definitely hear what Chuq's saying, and what others have
>> asked for quite often. I'm mulling over ways to make
>> unsubscribing dead simple both for users to accomplish, and for
>> admin's to explain how it's done.
NB> How about this: Put a link "to unsubscribe click here" at the
NB> bottom of every mail you send out. That link has the
NB> subscriber's email address embedded in it, and it leads to a
NB> CGI program which checks (by means of a reverse DNS lookup)
NB> whether the IP address from which the click comes belongs to
NB> the same domain as the email address for which unsubscription
NB> is requested.
NB> If yes, unsub immediately.
NB> If no, require email confirmation for the unsub request.
I'm not so concerned about security. I figure that if we're crafting
a message for UserA, we can generate a unique url for that user to
click on to unsubscribe. Sure someone could intercept the email (and
probably does ;), but we're not opening any more holes than already
exist by doing this.
The biggest hangup I've had with this approach is that it requires
Mailman to send N number of messages to the MTA, where N is the number
of members, as opposed to the currently 1 message it now sends (modulo
That's always seemed a big pill to swallow, but maybe it's time to
make that optional? I'd just want to be sure that if you decide to do
that for your 150k member list, you know what you're doing. ;)
Obviously site admins would have to be able to control this pretty
But I'm open to suggestions!
More information about the Mailman-Users