Re: Message Link Prefetching Issue

 
From: "Bruce Scherzinger webmaster@PROTECTED [Dada Mail Developers]" <dadadev@PROTECTED>
Subject: Re: Message Link Prefetching Issue
In-Reply-To: (no subject)
Date: August 24th 2021
Hi Justin!

Always nice to hear from you and seeing you take care great of your baby. Hope you are doing well out there in the West. Nothing else. Just hi. 😃

Cheers,
Bruce Scherzinger

On August 24, 2021 5:18:17 PM "Justin John justin@PROTECTED [Dada Mail Developers]" <dadadev@PROTECTED> wrote:

 

From: justin@PROTECTED

Howdy everyone, I’m working on the problem of email services/readers (Gmail) visiting links within the message to do whatever they do when they do that (scan the content for bad things, mostly - but also useful things like previewing the page in a popup). Link prefetching itself isn’t really a terrible thing, but it leads to perhaps bad side effects when it comes to links in email messages that do things, like subscribe or remove someone from a mailing list.

Dada Mail has some protection for this, most specifically for its removal mechanism, but this leads a lot of other links vulnerable to this issue. For example: subscription request accepting/rejecting, moderation links, profile password resets, list password reset - and a few others. Here’s some discussion of the problem:

https://news.ycombinator.com/item?id=28240279

Here’s the branch I’ll be working on these modifications:

https://github.com/justingit/dada-mail/tree/features-POST_requests

The good news is, it’s not a huge deal to make the modifications, and shouldn’t break any links in the wild, so there’s little risk for you to upgrade. I did want attention of this issue to be raised, as it’ll be a useful upgrade to perform.

I guess a big question is, just how far do I take this? Should links in mass email messages that are tracked be protected by link prefetching? The advantage to protecting links is that false-clickthroughs will be essentially eliminated (if they happen by a link prefetcher). Negatives is that it’ll take an extra second for the link to go to where it’s supposed to go. I guess I could make this an option to begin with.

--

Justin J: Lead Dadaist url: dadamailproject.com email: justin@PROTECTED twitter: @dadamail

Dada Mail Announcements:http://dadamailproject.com/cgi-bin/dada/mail.cgi/list/dada_announce/

 

Dada Mail Developers

Post to: Dada Mail Developers ( dadadev@PROTECTED )
Manage Your Subscription
Unsubscribe
                                                           

  • This mailing list is a public mailing list - anyone may join or leave, at any time.
  • This mailing list is a group discussion list (unmoderated)
  • Start a new thread, email: dadadev@dadamailproject.com

This mailing list is to discuss the nerdy programming development of Dada Mail -

If you are just looking for support Dada Mail, consult the message boards at:

http://dadamailproject.com/support/boards

To post to this list, send a message to:

 dadadev@dadamailproject.com

All subscribers of this list may post to the list itself.

Some on topic... topics include:

  • Positive Crits on the program (I like, "x", but, "y" needs some work - here's an idea on how to make this better...)
  • Bug/Error reports
  • Bug fixes
  • Request For Comments on any changes to the program
  • Help customizing Dada Mail for your own internal needs
  • Patches
  • Language Translations
  • Support Documentation/Doc editing, FAQ's, etc.
  • Discussion of any changes that you would like to be committed to the next version of Dada Mail -

At the moment, there aren't many people with CVS access for Dada Mail - if you would like CVS access, please first talk about the changes you propose and how it will affect the program. If the idea is sound and agreed upon, the change will be comitted. A good track record of this will allow you to have CVS access. Some reasons that patches will not be accepted is if the patch breaks compatibility with a previous version of the program, the patch is too centric to your own problem or the patch simply isn't very good.

Please, please please familiarize yourself with the documentation at:

 http://dadamailproject.com/support/documentation/

Since no one wants to answer the same question twice.

Another sneaky reason for this mailing list is to test out the discussion list capabilities of Dada Mail, since Dada Mail is used for the mailing list itself.

NOTE - because of this, there may be times that this list will be somewhat broken. Although we're not planning on breaking the program by using it, we're giving you the heads up that this may well happen anyways.

Privacy Policy:

This Privacy Policy is for this mailing list, and this mailing list only.

Email addresses collection through this mailing list are used explicitly to work within this email discussion list.

We only collect email addresses through our Closed-Loop Opt-In system.

We don't use your email address for any other purpose.

We won't be sharing your email address with any other entity.

Unsubscription can be done at any time. Please contact us at: justin@dadamailproject.com for any help regarding your subscription, including removal from the mailing list.

All mailing list messages sent from us will include a subscription removal link, which will allow you to remove yourself from this mailing list automatically, and permanently.

All consent to use your email address for any other purpose stated at the time of the mailing list subscription will also be revoked upon mailing list removal.