[Mailman-Users] Allowing users to join without specifying pas swords

Barry A. Warsaw barry at digicool.com
Fri Jun 15 19:10:14 CEST 2001

>>>>> "NB" == Norbert Bollow <nb at thinkcoach.com> writes:

    >> I definitely hear what Chuq's saying, and what others have
    >> asked for quite often.  I'm mulling over ways to make
    >> unsubscribing dead simple both for users to accomplish, and for
    >> admin's to explain how it's done.

    NB> How about this: Put a link "to unsubscribe click here" at the
    NB> bottom of every mail you send out.  That link has the
    NB> subscriber's email address embedded in it, and it leads to a
    NB> CGI program which checks (by means of a reverse DNS lookup)
    NB> whether the IP address from which the click comes belongs to
    NB> the same domain as the email address for which unsubscription
    NB> is requested.

    NB> If yes, unsub immediately.

    NB> If no, require email confirmation for the unsub request.

I'm not so concerned about security.  I figure that if we're crafting
a message for UserA, we can generate a unique url for that user to
click on to unsubscribe.  Sure someone could intercept the email (and
probably does ;), but we're not opening any more holes than already
exist by doing this.

The biggest hangup I've had with this approach is that it requires
Mailman to send N number of messages to the MTA, where N is the number
of members, as opposed to the currently 1 message it now sends (modulo
chunking factors).

That's always seemed a big pill to swallow, but maybe it's time to
make that optional?  I'd just want to be sure that if you decide to do
that for your 150k member list, you know what you're doing. ;)
Obviously site admins would have to be able to control this pretty

But I'm open to suggestions!


More information about the Mailman-Users mailing list