The mailing list for listmasters using Sympa

[David Verdin <address@concealed>]

Le 15/07/16 à 21:39, Adam Bernstein (via sympa-users Mailing List) a écrit :

Thanks, David, for the confirmation!

And on this:

I am a bit surprised with waht I read regarding unsollicited
unsubscriptions. Indeed, anyone can click the unsubscription link but
you then need to confirm unsubscription by clicking a link in a mail
Sympa sends.

I can't see how we could simplify the process without the risk of
getting people unsubscribing other prople.

The auto link-scanning will still produce that confirmation email to the user, which will confuse and annoy them - they are quite easily confused and annoyed :). And more and more of them are behind this kind of link protection.

The better way for it to work would be like Constant Contact or many other services: the link brings up only a web page showing your email address with an Unsubscribe button, and only clicking that button performs the unsub. No action is performed until that button on that web page is clicked, which the link-scanners won't do.
Darn.
In that case, anyone can unsubscribe anyone, as soon as a mail is replied to the list with the unsubscription link in it.
The confirmation email is not really a privacy or security protection.
It's more a "jackass protection": protecting against people having the stupid idea to click a link that is not for them.

Would it be a better solution to use (sort of) one time tickets instead? Here's the big picture:
- unsubscription links are one time ticket: a link that can't be guessed, valid for a limited time only (24 or 48 hours for example),
- once clicked, users are redirected to the Sympa web page. They don't have an authenticated session, only a form with their email address and a button to cpnfirm unsubscription,
- if they click the button, they are unsubscribed withou any further confirmation.

The advantage would be that it would be a one click unsubscription
The drawbacks would be (at least) that:
- other people could also click this link if a user replies to of forwards a mail - but only for a limited time,
- in addition to increased outgoing mails load, their would be also an increased load on the database engine because we would have to store these tickets.
- user could be annoyed because, if they click an expired link, it would not work.

Arh... Uneasy stuff...

    adam

--
A bug in Sympa? Quick! To the bug tracker!

David Verdin Études et projets applicatifs
Tél : +33 2 23 23 69 71 Fax : +33 2 23 23 71 21   www.renater.fr	RENATER 263 Avenue du Gal Leclerc 35042 Rennes Cedex

Attachment: smime.p7s
Description: Signature cryptographique S/MIME