Important Changes to the Unsubscription Process

 
From: "Justin J" <justin@PROTECTED>
Date: April 26th 2013

Hello Everyone,

To have Dada Mail work better with what's laid out in the CAN SPAM law, I'm yet again changing the way Unsubscribes work. I'm a little worried, as it seems Dada Mail's current default system: sending an unsub confirmation, is against the guidelines the law lays out! It basically wants this:

"(1) an e-mail recipient cannot be required to pay a fee, provide information other than his or her e-mail address and opt-out preferences, or take any steps other than sending a reply e-mail message or visiting a single Internet Web page to opt out of receiving future e-mail from a sender"

  • A link or Reply-To unsubscribe process must exist in every email sent and these unsubscribe processes must remain functional for at least 60 days following an email campaign
  • The Reply-To send-an-email opt-out request must remove the address within 10 days
  • If choosing a link to unsubscribe, the link must either immediately unsubscribe the user on click or, alternatively, lead only to a single page that contains a simple one-page one-click unsubscribe form
  • The unsubscribe form must consist of a simplified one-step form

So, what's needed is a simple, one-field form, that you enter your email address into. Easy enough.

The problem is, we need to protect the situations where ANYBODY is able to unsubscribe ANYBODY ELSE, just by filling out this simple form.

So, this simple form, ain't so simple.

If it was a simple form, that has/doesn't have the subscriber's email address embedded in it, anyone with access to that link can click it, and unsubscribe someone, other than themselves. Ugh. THAT's why a confirmation system, just like subscription, makes sense (although I understand the point of view of what's put forth in CAN SPAM).

So, the way I'm going to solve this problem is such:

Unsubscription confirmations in Dada Mail are going to go. There's not even going to be an option to enable/disable - as enabling is essentially breaking the letter of the law. In fact, there's not going to be many options at all for unsubscriptions. Which is good - simplifying things is good, because too many options makes people confused, and then things get set up strangely.

So, every mass mailing message that goes out with Dada Mail, will have an unsub link, that, when clicked, will take the user to that simple form. This unsub link will be specific to the subscriber's email address, the list, and the message sent. The user will still only need to fill in their own email address to unsubscribe - and if they do, they'll be unsubscribed right then and there - no confirmation email sent.

If someone gets ahold of this link, and tries to fill out another email address, it won't work. Because again, the unsub link will be specific to that list, message and email address. The unsub link will hold a simple (yet fairly long) hash that will get compared to the email address entered. It's not going to be military-grade foolproof secure, but it's honestly going to be pretty darn, "good enough", as no casual, or even really motivated 14 year old script kiddy, is going to take the time to crack it. Hopefully.

This DOES mean that List Owners are going to have to be diligent with fielding any problems from Subscribers that can't even figure out this simple, one-field form - and there will be those people. A simple email link will be presented, if that form isn't filled out correctly, that'll go to the List Owner. That means, List Owners can't be asleep at the wheel.

I'm also removing the option to unsubscribe from the forms on Dada Mail's HTML screens, since again - how do you protect against the, "Anyone can unsub Anyone else" problem? The only place you will be able to unsubscribe from a list, will be via clicking on a link in a mass mailing message, or in the Profile for a specific address, where I can embed that special unsub link and have a pretty good feeling, that the person who fills out the address, is filling out their own address.

Again, this simplifies things quite a bit, and what's not to love about less clutter?

I'd like to, in the future, provide a way to send a simple removal request via email - at least for people who have Bridge installed, but that's not going to make it in this initial release (I don't think).

To help some of the problems with the wrong people filling out the unsub form, for discussion lists, I'll make it so unsubscription links are removed from messages that get replied to, so even though these specific unsub links are used, they won't make it back to the list.

Hopefully, this means, even though I have my own specific unsub link, and I reply to a message that was also sent to the list, when that specific unsub link gets sent with my reply, it'll get parsed out by Dada Mail, before my reply hits the list again.

As I mentioned before, unsub links will also contain the list, and reference to the mass mailing that it's sent in. Which is good! Since we can now track unsubscribes and tie them to specific mass mailings! Which is another data point I can show/plot/report in the Tracker plugin. And that's pretty valuable information, as I bet 99.9% of unsubs happen because of clicking the unsub link in a mass message.

To illustrate the differences in options that are going to be available in the list control panel in re: to unsubscriptions, here's what the options look like, now:

http://dadamailproject.com/images/dev/unsub_options_current.jpg

And here's what it's (probably) gonna look like:

http://dadamailproject.com/images/dev/unsub_options_future.jpg

The idea is that it's foolproof.

I've already started work on this system, and you can see what's going on, on this branch:

https://github.com/justingit/dada-mail/tree/features-simplified_unsubscriptions

I'll be able to get an alpha out by Monday - or at least install it on the dadamailproject.com Dada Mail, and we can all have a go at the new system.

So, that's a lot to present to everyone, and I'd like to get some feedback on this all. I'm sure there will be questions and concerns. I'd like to know of some of the problems you have all faced with people trying to work with the current unsubscription process and if you think this new system will hurt/help these problems. My main goal is to be in compliance with CAN SPAM, make this as simple as a system as possible to use, and make this as secure of a system to use.
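Added example, not part of the original message and not Dada Mail's code: one way to build the per-subscriber link described above and to strip it from list replies, using a keyed HMAC-SHA256 over list, mailing and address (a swapped-in construction; the message only says "a simple (yet fairly long) hash"). The secret, the URL layout and all function names are assumptions.

```python
import hashlib
import hmac
import re

# Assumption: a per-installation secret kept server-side (constructed value).
SECRET_KEY = b"constructed-demo-secret-not-for-production"
# Assumption: hypothetical URL layout; the message does not specify one.
BASE_URL = "https://lists.example.org/unsub"


def _normalize(email):
    # Compare addresses case-insensitively and ignore stray whitespace.
    return email.strip().lower()


def make_token(list_id, mailing_id, email):
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    parts = [list_id, mailing_id, _normalize(email)]
    msg = b"".join(len(p.encode()).to_bytes(4, "big") + p.encode() for p in parts)
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def unsub_link(list_id, mailing_id, email):
    # The address itself is not in the link; only list, mailing and token are.
    token = make_token(list_id, mailing_id, email)
    return f"{BASE_URL}/{list_id}/{mailing_id}/{token}"


def verify_unsub(list_id, mailing_id, token, entered_email):
    # Recompute from the address typed into the one-field form and compare
    # in constant time; a link forwarded to someone else fails for their address.
    expected = make_token(list_id, mailing_id, entered_email)
    return hmac.compare_digest(expected.encode(), token.encode())


_LINK_RE = re.compile(re.escape(BASE_URL) + r"/[\w-]+/[\w-]+/[0-9a-f]{64}")


def strip_unsub_links(body):
    # Discussion lists: remove personal links from a reply before it is
    # redistributed, so a quoted link never reaches other subscribers.
    return _LINK_RE.sub("[unsubscribe link removed]", body)
```

Because the token also covers the mailing id, a successful unsubscribe can be attributed to the mass mailing that carried the link.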


This is the developer discussion mailing list for Dada Mail.
