[Mailman-Users] Users being unsubscribed without requesting it.
gtaylor at tnetconsulting.net
Mon Aug 21 17:56:52 EDT 2017
On 08/21/2017 02:08 PM, John Levine wrote:
> There are plenty of anti-spam schemes that fetch all the URLs in a
> message to see whether they're malicious. That's why ESPs usually
> have a landing page with a confirm link, and why we wrote RFC 8058
> which defines a one-click opt-out link that uses POST rather than GET,
> since the URL malware fetchers all do GETs.
Why do single click?
Why not do confirmed?
I.e. you go to a page that asks you to "Click here to confirm that you
want to unsubscribe."?
I never understood the problem with (what I consider to be) double opt
in / out.
I'd also worry that the POST method is not distinct enough compared to
GET. (At least compared to double opt out.)
Grant. . . .
unix || die
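
Added example (not part of the original message, and not Mailman's code): a minimal sketch of the two designs discussed in this thread, where a GET of the unsubscribe URL only shows a confirmation page and only a POST carrying the RFC 8058 body `List-Unsubscribe=One-Click` changes membership. The endpoint URL, the secret, the HMAC token scheme and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode

SECRET = b"constructed-demo-key"          # assumption: per-list server secret
BASE = "https://lists.example.org/unsub"  # assumption: placeholder endpoint


def token(addr: str) -> str:
    """Opaque per-recipient token so the URL cannot be guessed for others."""
    return hmac.new(SECRET, addr.encode(), hashlib.sha256).hexdigest()[:32]


def unsubscribe_headers(addr: str) -> dict:
    """The two header fields RFC 8058 defines for outgoing list mail."""
    query = urlencode({"a": addr, "t": token(addr)})
    return {
        "List-Unsubscribe": f"<{BASE}?{query}>",
        "List-Unsubscribe-Post": "List-Unsubscribe=One-Click",
    }


def handle(method: str, query: str, body: str, subscribers: set) -> tuple:
    """Return (status, text). Only a one-click POST changes membership."""
    q = parse_qs(query)
    addr, tok = q.get("a", [""])[0], q.get("t", [""])[0]
    if not hmac.compare_digest(tok.encode(), token(addr).encode()):
        return 403, "bad token"
    if method == "GET":
        # URL scanners that fetch every link land here: nothing changes.
        # A human sees a form whose button submits the POST handled below.
        return 200, "Click the button to confirm that you want to unsubscribe."
    if method == "POST":
        form = parse_qs(body)
        if form.get("List-Unsubscribe") == ["One-Click"]:
            subscribers.discard(addr)
            return 200, "unsubscribed"
        return 400, "missing List-Unsubscribe=One-Click"
    return 405, "method not allowed"
```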