Re: New sub/unsub confirmation links

 
From: "Justin J" <justin@PROTECTED>
Date: March 9th 2013

I'm going to release v6.2.0 of Dada Mail fairly soon - here's the draft of what this new release will entail - it's a followup to some of the things I noticed with the 6.1.0 release:

In v6.2.0 of Dada Mail, we've made some more strides in making the subscription confirmation system in Dada Mail as secure as possible, without adding any unneeded complications.

The new enhancements made in v6.1.0 seem to be working great - I'm actually surprised that the move to this entirely new system went as smoothly as it did. In v6.2.0, we did add some additional backwards compatibility, so if your users encounter an old-style confirmation link, Dada Mail will intelligently handle the request.

Also new in v6.2.0 is a simple check that the confirmation of a sub/unsub is coming from the same IP address as the initial sub/unsub request. We're noticing that mail readers - mostly web-based mail readers - sometimes follow the links that are in the messages you send, including ones sent by Dada Mail.

It's not entirely clear why they do this, but it's certainly happening. We're coming to the conclusion that the majority of "phantom" subscribing/unsubscribing happening in Dada Mail (and loops of sub/unsubs) is happening because these programs are following the links themselves, rather than an actual human reading and reacting to the message.

This is pretty detrimental, when it comes to Dada Mail's confirmation system. One thing that we've noticed is that since the actual user and these programs are located in different places (your user is perhaps in an office, at work; the program is in a server farm somewhere far away), a tell-tale sign that something fishy is going on is when the IP addresses of the request to sub/unsub and the confirmation to sub/unsub come from different places.

So, in v6.2.0, if this is detected, the confirmation won't go through unless someone - hopefully human - clicks a big button in their web browser:

[photog]

It's our hope that an actual user won't ever need to see this screen - as a sub/unsub request and its confirmation should happen at the same IP address. In certain cases, this won't be true: say someone requests to subscribe at home, rushing to drive to work, where they then check their email again to complete the subscription. Then, there will be two different IP addresses - but it's still not the end of the world, when it comes to this nascent subscription.

This extra step isn't meant to be something hard to figure out, it's only there to short circuit some sort of automated process. That's why it's not a form that requires a CAPTCHA to be figured out, or anything like that.

So that's what's to look forward to, with v6.2.0. If you're running v6.0.1 or below, this is def a great time to upgrade.

I'm currently running this version on,

http://dadamailproject.com/cgi-bin/dada/mail.cgi/

Seems to be working just fine. I'm hoping this will be a big nail driven into the "infinite sub/unsubs" coffin.
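
The check described in this message, sketched as an added example (this is not Dada Mail's own code, which is written in Perl). The class and method names, the GET/POST split used to model the "big button", and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import secrets
from dataclasses import dataclass


@dataclass
class Pending:
    email: str
    action: str       # "subscribe" or "unsubscribe"
    request_ip: str   # address the original sub/unsub request came from
    done: bool = False


class ConfirmationStore:
    def __init__(self):
        self._pending = {}

    def request(self, email, action, ip):
        """Record a sub/unsub request; the token goes into the emailed link."""
        token = secrets.token_urlsafe(32)
        self._pending[token] = Pending(email, action, ip)
        return token

    def confirm(self, token, ip, method="GET"):
        """Return 'confirmed', 'needs_click' or 'invalid'."""
        p = self._pending.get(token)
        if p is None or p.done:
            return "invalid"
        # Compare parsed addresses so equivalent spellings still match.
        same_ip = ipaddress.ip_address(ip) == ipaddress.ip_address(p.request_ip)
        # Assumption: the "big button" submits a POST; a link-following
        # program only issues GETs, so it cannot complete a mismatched request.
        if same_ip or method == "POST":
            p.done = True
            return "confirmed"
        return "needs_click"


def demo():
    store = ConfirmationStore()
    # Constructed sample addresses from the documentation ranges.
    t1 = store.request("a@example.com", "subscribe", "203.0.113.10")
    t2 = store.request("b@example.com", "unsubscribe", "2001:db8::1")
    return [
        store.confirm(t1, "198.51.100.7"),            # mail reader follows link
        store.confirm(t1, "192.0.2.55", "POST"),      # human clicks the button
        store.confirm(t1, "192.0.2.55", "POST"),      # link reuse
        store.confirm(t2, "2001:0db8:0:0:0:0:0:1"),   # same address, long form
        store.confirm("no-such-token", "203.0.113.10"),
    ]
```
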


This is the developer discussion mailing list for Dada Mail.
