[Mailman-Users] Programmatic Subscription

Mark Sapiro mark at msapiro.net
Fri May 9 21:39:19 CEST 2008

Brad Knowles wrote:

>Bill Honneus (honneus) wrote:
>> When a user subscribes or unsubscribes from a mailing list, they are
>> sent an email confirmation and must click a link on the web interface or
>> reply to the email to confirm their subscription/removal. One of our
>> engineers is creating a portlet on a web application, and what he wants
>> to do is allow  the user to be immediately subscribed as soon as they
>> click a link.  Is there a way to configure Mailman so that a user is
>> immediately subscribed or removed without the confirmation process?
>It's easy enough to do with the command-line tools, if you know what you're 

Or see some of the results from

>> Alternatively, if we were to write some custom code on our application,
>> could we simply call the subscribe cgi script, and then send the
>> confirmation request from the application without asking the user for
>> further input?
>> Please let me know if this is a sound approach.
>I would strongly encourage you folks to *NOT* do this.  It's so easy to 
>abuse these kinds of systems and sign someone up for a billion different 
>mailing lists.
>There's a reason why the default with Mailman is so that the user has to 
>confirm their subscription request.

I see in another reply that you plan on verifying the user via your web
application before the subscribe/unsubscribe. This is fine, but you
have to be sure that you protect against a user viewing the html
source of your request form and figuring out how to post a
(un)subscribe request to your application.

In other words, you have to protect against one validated user
(un)subscribing other users.

Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list