Re: Unsubscribe/Subscribe Confirmation Email Looping?

 
From: "Moshe Katz" <moshe@PROTECTED>
In-Reply-To: Unsubscribe/Subscribe Confirmation Email Looping?
Date: May 5th 2011
Hi Justin, I would immediately suspect link prefetching, either by the email client, or more likely a browser plugin (and the user is using Webmail).

I know that this very list (dadadev) had a similar problem because it is archived on a publicly accessible site and search engines were following the unsub. links - but since it is double-opt-out, the second step of the opt-out never happened.

Moshe

------------------------------
Moshe Katz
-- moshe@PROTECTED
-- +1(301)867-3732



On Thu, May 5, 2011 at 7:31 PM, Justin J <justin@PROTECTED> wrote:

Hello everyone,

I'm getting some troubling reports from various users, who say that they're getting reports from members of their list that unsubscribe from a newsletter, or to be resubscribed, then unsubscribed, etc in a huge loop.

The usage log will look a lot like this:

       [Tue May 3 16:28:33 2011]        listshortname   12.123.12.12    Unsubscription Confirmation Sent for listshortname.list         hapless.email@PROTECTED
       [Tue May 3 16:28:33 2011]        listshortname   12.123.12.12    Unsubscribed from listshortname.unsub_confirm_list      hapless.email@PROTECTED
       [Tue May 3 16:28:33 2011]        listshortname   12.123.12.12    Subscribed to listshortname.unsub_confirm_list  hapless.email@PROTECTED

       [Tue May 3 18:41:15 2011]        listshortname   12.123.12.12    Unsubscribed from listshortname.unsub_confirm_list      hapless.email@PROTECTED
       [Tue May 3 18:41:15 2011]        listshortname   12.123.12.12    Unsubscribed from listshortname.list    hapless.email@PROTECTED

       [Tue May 3 21:13:34 2011]        listshortname   12.123.12.12    Unsubscribed from listshortname.sub_confirm_list        hapless.email@PROTECTED
       [Tue May 3 21:13:34 2011]        listshortname   12.123.12.12    Subscribed to listshortname.sub_confirm_list    hapless.email@PROTECTED
       [Tue May 3 21:13:35 2011]        listshortname   12.123.12.12    Subscription Confirmation Sent for listshortname.list   hapless.email@PROTECTED

       [Tue May 3 22:22:35 2011]        listshortname   12.123.12.12    Unsubscribed from listshortname.sub_confirm_list        hapless.email@PROTECTED
       [Tue May 3 22:22:35 2011]        listshortname   12.123.12.12    Subscribed to listshortname.list        hapless.email@PROTECTED



And this pattern will continue to repeat.

The first chunk of code is what's supposed to be logged when someone requests to unsubscribe.

The second chunk is when what's supposed to be logged when someone confirms the unsub.

The third chunk is when someone requests to be subscribed.

and the forth chunk is when someone confirms the subscription.


Everything looks great, except that the user isn't doing any of this - it's all on autopilot and this pattern will continue to repeat and repeat and repeat, until the list owner finally just removes the email address from the list, permanently.

I'm scratching my head at what the base problem is and I currently have absolutely no idea.

My first thought was that it's some sort of Denial of Service attack, but it would seem strange to have it target a specific email address that was already subscribed and then have the "attack" span over hours. Not a very good attack! This would also mean the pin verification system has been broken, but I'm not sure that's the case, either.

My next suspicion, which is a good one, is that there's a bug in Dada Mail, but all my looking hasn't turned up with anything.

My most recent suspicion is that it's some sort of auto link prefetching going on with the user's email reader. Link prefetching is a *really bad idea* for email messages, exactly for this reason, but would explain the mechanism that causes this loop:

When a subscriber receives a confirmation email to unsubscribe, it gets followed automatically and they will receive a, "you've been unsubscribed" email, which has a link to *subscribe* again, which will be followed, automatically, which will send the subscription confirmation email, which will subscribe them. That'll send a "you're now subscribed" email, which has a link to unsubscribe them again - and that's where the loop is.

That's my current theory.

Has anyone on this list experience this problem? Got any other idea what may be going on?

It's very strange, since it happens to maybe 1 out of every 10,000 subscribers. The link prefetching could be a sign that the user's machine has been comprised with some sort of virus and this is just a weird side effect of some sort of logging system of the virus itself - I dunno. I could really use some help to get to the bottom of all this, though,

--

Justin J: Lead Dadaist.
url:      http://dadamailproject.com
email:    justin@PROTECTED
phone:    720.341.4963



--

Post:
mailto:dadadev@PROTECTED

Unsubscribe:
http://dadamailproject.com/cgi-bin/dada/mail.cgi/u/dadadev

List Information:
http://dadamailproject.com/cgi-bin/dada/mail.cgi/list/dadadev/

Archive:
http://dadamailproject.com/cgi-bin/dada/mail.cgi/archive/dadadev

Developer Info:
http://dev.dadamailproject.com=

Post:
mailto:[list_settings.discussion_pop_email]

Unsubscribe:
https://dadamailproject.com/cgi-bin/dada/mail.cgi/u/dadadev/

List Information:
[PROGRAM_URL]/list/[list_settings.list]

Archive:
[PROGRAM_URL]/archive/[list_settings.list]

Developer Info:
http://dev.dadamailproject.com

rss/atom
RE: Unsubscribe/Subscribe Confirmation Email Looping?
Index
Test
  • This mailing list is a public mailing list - anyone may join or leave, at any time.
  • This mailing list is a group discussion list (unmoderated)

  • Start a new thread, email: dadadev@dadamailproject.com

This is the developer discussion mailing list for Dada Mail.

If you are just looking for support Dada Mail, consult the message boards at:

https://forum.dadamailproject.com

Documentation for Dada Mail:

https://dadamailproject.com/d

Specifically, see the Error FAQ:

https://dadamailproject.com/d/FAQ-errors.pod.html

To post to this list, send a message to:

mailto:dadadev@dadamailproject.com

All subscribers of this list may post to the list itself.

Topics that are welcome:

  • Constructive critiques on the program (I like, "x", but, "y" needs some work - here's an idea on how to make this better...)
  • Bug/Error reports
  • Bug fixes
  • Request For Comments on any changes to the program
  • Help customizing Dada Mail for your own needs
  • Patches
  • Language Translations
  • Support Documentation/Doc editing, FAQ's, etc.
  • Discussion of any changes that you would like to be committed to the next version of Dada Mail -

Dada Mail is on Github:

https://github.com/justingit/dada-mail/

If you would like to fork, branch, send over PRs, open up issues, etc.

Privacy Policy:

This Privacy Policy is for this mailing list, and this mailing list only.

Email addresses collection through this mailing list are used explicitly to work within this email discussion list.

We only collect email addresses through our Closed-Loop Opt-In system.

We don't use your email address for any other purpose.

We won't be sharing your email address with any other entity.

Unsubscription can be done at any time. Please contact us at: justin@dadamailproject.com for any help regarding your subscription, including removal from the mailing list.

All mailing list messages sent from us will include a subscription removal link, which will allow you to remove yourself from this mailing list automatically, and permanently.

All consent to use your email address for any other purpose stated at the time of the mailing list subscription will also be revoked upon mailing list removal.