[Mailman-Users] Programmatic Subscription
mark at msapiro.net
Fri May 9 21:39:19 CEST 2008
Brad Knowles wrote:
>Bill Honneus (honneus) wrote:
>> When a user subscribes or unsubscribes from a mailing list, they are
>> sent an email confirmation and must click a link on the web interface or
>> reply to the email to confirm their subscription/removal. One of our
>> engineers is creating a portlet on a web application, and what he wants
>> to do is allow the user to be immediately subscribed as soon as they
>> click a link. Is there a way to configure Mailman so that a user is
>> immediately subscribed or removed without the confirmation process?
>It's easy enough to do with the command-line tools, if you know what you're
Or see some of the results from
>> Alternatively, if we were to write some custom code on our application,
>> could we simply call the subscribe cgi script, and then send the
>> confirmation request from the application without asking the user for
>> further input?
>> Please let me know if this is a sound approach.
>I would strongly encourage you folks to *NOT* do this. It's so easy to
>abuse these kinds of systems and sign someone up for a billion different
>There's a reason why the default with Mailman is so that the user has to
>confirm their subscription request.
I see in another reply that you plan on verifying the user via your web
application before the subscribe/unsubscribe. This is fine, but you
have to be sure that you protect against a user viewing the html
source of your request form and figuring out how to post a
(un)subscribe request to your application.
In other words, you have to protect against one validated user
(un)subscribing other users.
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users