[Mailman-Users] Users being unsubscribed without requesting it.

John Levine johnl at taugh.com
Mon Aug 21 16:08:26 EDT 2017

In article <201708210145.v7L1io7x003574 at fire.js.berklix.net> you write:
>> Maybe this would foil ISPs who are automatically following this link to
>> unsubscribe people. Do ISPs really do this?

There are plenty of anti-spam schemes that fetch all the URLs in a
message to see whether they're malicious.  That's why ESPs usually
have a landing page with a confirm link, and why we wrote RFC 8058
which defines a one-click opt-out link that uses POST rather than GET,
since the URL malware fetchers all do GETs.


More information about the Mailman-Users mailing list