Re: New sub/unsub confirmation links

 
From: "Justin J" <justin@PROTECTED>
Date: February 26th 2013

So here's some additional thoughts on the sub/unsub confirmation links, and some of the issues it's trying to solve:

I released v6.1.0 last week, and I've been doing a ton of upgrades for people. They've gone pretty smoothly. I've some improvements (as always), that I'll ship in v6.1.1.

Funnily enough, I finally experienced a problem similar to what people have been reporting: multiple subscribers, unsubscribing, then subscribing in what seems like a big loop!

Which is fun to find out, once you bust your a$$ to try to fix just that problem. But, it enlightened me to what exactly is going on. Here's a sample of what I'm seeing - these are from the subscription notification emails:

some.address@rediffmail.com has been unsubscribed from:

Dada Mail Announcement List

Server Time: Tue Feb 19 04:08:09 2013

IP Logged: 202.137.235.189

some.address@rediffmail.com has subscribed to:

Dada Mail Announcement List

Server Time: Tue Feb 19 04:08:25 2013

IP Logged: 202.137.234.188

some.address@rediffmail.com has been unsubscribed from:

Dada Mail Announcement List

Server Time: Tue Feb 19 04:08:33 2013

IP Logged: 202.137.234.163

some.address@rediffmail.com has subscribed to:

Dada Mail Announcement List

Server Time: Tue Feb 19 04:08:44 2013

IP Logged: 202.137.234.197

some.address@rediffmail.com has been unsubscribed from:

Dada Mail Announcement List

Server Time: Tue Feb 19 04:08:52 2013

IP Logged: 202.137.234.185

some.address@rediffmail.com has subscribed to:

Dada Mail Announcement List

Server Time: Tue Feb 19 04:09:24 2013

IP Logged: 202.137.234.243

some.address@rediffmail.com has been unsubscribed from:

Dada Mail Announcement List

Server Time: Tue Feb 19 04:09:42 2013

IP Logged: 202.137.234.185

So, one thing to mention is that the majority of problems I had are from one domain, "rediffmail.com".

The other big thing to notice is that all these requests are coming from different IP addresses:

202.137.235.189
202.137.234.188
202.137.234.163
202.137.234.197
202.137.234.185
202.137.234.243
202.137.234.185 (the only duplicate IP address)

That seems pretty strange.

Doing some research quickly on those IP addresses, just points the IP address to rediff.com/rediffmail.com. rediffmail.com is a web-based mail service. Links in the messages themselves get changed to rediffmail's own redirect service - like this:

http://www.rediffmail.com/cgi-bin/red.cgi?red=http%3A%2F%2Fdadamailproject%2Ecom%2Fcgi%2Dbin%2Fdada%2Fmail%2Ecgi%2Flist%2Fdada%5Fannounce

Which - you know, tracks what you click. It's not exceptionally bright, so you can do funny things, like have it redirect to itself:

http://www.rediffmail.com/cgi-bin/red.cgi?red=http%3A%2F%2Fwww.rediffmail.com%2Fcgi-bin%2Fred.cgi%3Fred%3Dhttp%3A%2F%2Fwww.rediffmail.com%2Fcgi-bin%2Fred.cgi%3Fred%3Dhttp%3A%2F%2Fwww.rediffmail.com%2Fcgi-bin%2Fred.cgi%3Fred%3Dhttp%3A%2F%2Fwww.rediffmail.com%2Fcgi-bin%2Fred.cgi%3Fred%3Dhttp%3A%2F%2Fwww.rediffmail.com%2Fcgi-bin%2Fred.cgi%3Fred%3Dhttp%3A%2F%2Fwww.rediffmail.com%2Fcgi-bin%2Fred.cgi%3Fred%3Dhttp%3A%2F%2Fwww.rediffmail.com%2Fcgi-bin%2Fred.cgi%3Fred%3Dhttp%3A%2F%2Fwww.rediffmail.com%2Fcgi-bin%2Fred.cgi%3Fred%3Dhttp%3A%2F%2Fwww.rediffmail.com%2Fcgi-bin%2Fred.cgi%3Fred%3Dhttp%3A%2F%2Fwww.rediffmail.com%2Fcgi-bin%2Fred.cgi%3Fred%3D

Ahem,

But I'm wondering if this same system prefetches links in messages received in your rediffmail inbox, for whatever reason. Dunno. The redirect masks the IP address of where the user is, that's receiving the message, since it's always actually done through this redirect scheme.

But, what we can do is track the IP address the initial sub/unsub request is coming from, and then see what the IP address is, when the confirmation link is "clicked" (or automatically followed). It's plausible to think that someone real isn't going to be changing their IP address every few seconds (right?) and that change raises a Weirdness Flag.

If the IP addresses don't match up, as none of these do in order, in my example, we can have a policy to not allow the sub/unsub to complete without some sort of human intervention, to stop this ridiculous loop of automation - just a simple button or something.

Anyways, this sort of strengthens my idea that the core problem isn't because of something malicious, but of something stupid - like whatever rediffmail's mail reader software is doing, while reading/whatever emails it receives.
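
The policy proposed in the message above, sketched as an added example (this is not Dada Mail's code and not part of the original post): the IP of the initial sub/unsub request is stored with the confirmation token, and a followed link whose IP differs is held until a button is pressed. The class, method names, and token lifetime are assumptions; the replay pairs each IP from the quoted notifications with the next one, which is a constructed scenario.

```python
import secrets
import time
from dataclasses import dataclass

TOKEN_TTL = 3600  # assumed lifetime of a confirmation link, in seconds

@dataclass
class Pending:
    email: str
    action: str       # "subscribe" or "unsubscribe"
    request_ip: str   # IP that made the initial sub/unsub request
    issued: float

class ConfirmationGate:
    """Hypothetical helper; not Dada Mail's API."""
    def __init__(self):
        self.pending = {}

    def issue(self, email, action, request_ip, now=None):
        token = secrets.token_urlsafe(16)
        issued = time.time() if now is None else now
        self.pending[token] = Pending(email, action, request_ip, issued)
        return token

    def follow_link(self, token, client_ip, now=None):
        """GET on the confirmation link; completes only if the IP matches."""
        now = time.time() if now is None else now
        p = self.pending.get(token)
        if p is None or now - p.issued > TOKEN_TTL:
            self.pending.pop(token, None)
            return "invalid"
        if p.request_ip == client_ip:
            del self.pending[token]
            return "completed"
        return "needs_button"  # Weirdness Flag: token stays pending

    def press_button(self, token):
        """POST from the button page; a fetcher that only follows links never sends it."""
        return "completed" if self.pending.pop(token, None) else "invalid"

# Constructed replay: IPs from the notification e-mails, each request
# "confirmed" from the IP logged on the following event (an assumption).
SAMPLE_IPS = ["202.137.235.189", "202.137.234.188", "202.137.234.163",
              "202.137.234.197", "202.137.234.185", "202.137.234.243",
              "202.137.234.185"]

def replay(ips):
    gate, results = ConfirmationGate(), []
    for i, (req_ip, confirm_ip) in enumerate(zip(ips, ips[1:])):
        action = "unsubscribe" if i % 2 == 0 else "subscribe"
        token = gate.issue("some.address@rediffmail.com", action, req_ip)
        results.append(gate.follow_link(token, confirm_ip))
    return results
```

A legitimate subscriber whose address changed between request and confirmation only has to press the button, so a false Weirdness Flag costs one extra click rather than a failed subscription.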

This is the developer discussion mailing list for Dada Mail.
