On Apr 2, 2010, at 3:45 PM, Alan Hysinger wrote:
> If a pin is compromised, it's only the one pin. I have observed it is different for each mailing, even for the same email address, so it seems the algorithm generating the pins has some defense against being cracked.

As the implementor of it, I'd say it's laughably insecure. I'm pretty worried about it, myself. I would like to completely replace it with just a random number, that's saved somewhere and generated when a sub/unsub request is made, instead of a 2-way hash that's created using the email address.
But, if that happens, having the pin available in, say, the mailing list message wouldn't be something that could be done. So in the future, the pin won't be available anyways.
I don't know if your ideas would be best - to make enabling it so obscure (changing a global config variable, which goes against what's set in the list control panel - but only sometimes and then rolling your own unsubscribe link, using another undocumented feature - which I've stated is a bug) as not something that a regular user would want to do - it just seems like a bad design. I can see the feature to be useful, I just don't think it's a good idea to use the current infrastructure that Dada Mail has to make it happen. As far as the current system is set up - I actually kind of am happy with its current state, but making it do any more somersaults gives me nightmares.
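
The design proposed in the message above (a random value generated and saved when a sub/unsub request is made, rather than a value derived from the email address) can be sketched as follows. This is an added example, not Dada Mail's code or part of the original thread; the class and method names, the in-memory store and the three-day lifetime are assumptions.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 3 * 24 * 3600  # assumed lifetime: three days


class ConfirmationTokens:
    """Per-request random tokens for subscribe/unsubscribe confirmation."""

    def __init__(self, clock=time.time):
        # (list, email, action) -> (SHA-256 of token, expiry time).
        # Only the digest is kept, so a leaked store does not yield usable tokens.
        self._pending = {}
        self._clock = clock

    def issue(self, list_name, email, action):
        """Create a fresh token at the moment a sub/unsub request is made."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).digest()
        key = (list_name, email.lower(), action)
        # A new request replaces any earlier pending token for the same key.
        self._pending[key] = (digest, self._clock() + TOKEN_TTL)
        return token  # sent only in the confirmation email for this request

    def redeem(self, list_name, email, action, token):
        """Return True exactly once for a valid, unexpired token."""
        key = (list_name, email.lower(), action)
        entry = self._pending.get(key)
        if entry is None:
            return False  # nothing was requested, so nothing can be guessed
        digest, expires = entry
        if self._clock() > expires:
            del self._pending[key]
            return False
        presented = hashlib.sha256(token.encode()).digest()
        if not hmac.compare_digest(digest, presented):  # constant-time compare
            return False
        del self._pending[key]  # single use
        return True
```

Because a token exists only after a request has been made, nothing can be computed ahead of time from the email address, which is also why such a value cannot be embedded in ordinary mailing list messages.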
This is the developer discussion mailing list for Dada Mail.