Alan, I think a great idea would be for you investigate the feature yourself on a forked copy of Dada Mail by using github. It's quite easy to fork off Dada Mail, make your changes and then ask for a pull. I'm currently working on other parts of Dada Mail, so I can't really focus to much of myself on this part, but I'd be interested in what you find. For such a feature in such a sensitive part of Dada Mail - a part that would really need to work without bugs, it would be nice if you could include tests with your ne ...Continue Reading

On Apr 2, 2010, at 3:11 PM, Justin J wrote: > > On Apr 2, 2010, at 3:45 PM, Alan Hysinger wrote: >> If a pin is compromised, it's only the one pin. I have observed it is different for each mailing, even for the same email address, so it seems the algorithm generating the pins has some defense against being cracked. > > As the implementor of it, I'd say it's laughably insecure. I'm pretty worried about it, myself. I would like to completely replace it with just a random number, that's saved somewh ...Continue Reading

On Apr 2, 2010, at 3:45 PM, Alan Hysinger wrote: > If a pin is compromised, it's only the one pin. I have observed it is different for each mailing, even for the same email address, so it seems the algorithm generating the pins has some defense against being cracked. As the implementor of it, I'd say it's laughably insecure. I'm pretty worried about it, myself. I would like to completely replace it with just a random number, that's saved somewhere and generated when a sub/unsub request is made, instead of a 2-way ...Continue Reading

Well I really hope you don't take that out, it's a very useful feature to me and my non-trivial number of subscribers. That said, in response to your arguments I would say: If a pin is compromised, it's only the one pin. I have observed it is different for each mailing, even for the same email address, so it seems the algorithm generating the pins has some defense against being cracked. If you are concerned about users understanding my proposed option, then it seems it makes more sense to keep it in Config.pm, well ...Continue Reading

On Apr 2, 2010, at 4:19 AM, Alan Hysinger wrote: > > I'm sorry I wasn't clear. I want to maintain the closed-loop opt-out when someone visits the UI on the site, to protect my mailing list from tampering, but if they have their PIN in a link, then I want to trust it and do it in one click. Unchecking that option allows literally anybody to remove email addresses. Hmm, not sure if I have anything to offer to get that working. The, "needs to actually make a confirmation request" is a pretty important ...Continue Reading

I'm sorry I wasn't clear. I want to maintain the closed-loop opt-out when someone visits the UI on the site, to protect my mailing list from tampering, but if they have their PIN in a link, then I want to trust it and do it in one click. Unchecking that option allows literally anybody to remove email addresses. Alan On Apr 2, 2010, at 3:02 AM, Justin J wrote: > > On Apr 2, 2010, at 3:48 AM, Alan Hysinger wrote: > >> Hi, I'm totally new to the list, so if I am in need of a clue, just speak up. I h ...Continue Reading

On Apr 2, 2010, at 3:48 AM, Alan Hysinger wrote: > Hi, I'm totally new to the list, so if I am in need of a clue, just speak up. I have no idea of any etiquette out here, and I am a very direct person. On topic is nice - the list is moderated by a couple of people, so it's usually not a problem. Anyways: > I wanted to provide my users with a single-click unsubscribe option. All you have to do is this: In your list control panel, go to: Your Mailing List -> Mailing List Options and uncheck the optio ...Continue Reading

Hi, I'm totally new to the list, so if I am in need of a clue, just speak up.  I have no idea of any etiquette out here, and I am a very direct person.I wanted to provide my users with a single-click unsubscribe option.  I have received some emails from angry users who don't understand the multi-step unsubscribe process, or worse, the unsubscribe confirmation gets moved to their spam folder.  Additionally, almost all of these people are my customers, who after graciously spending money in my store and op ...Continue Reading

These two bugs have already cropped up in 4.0.4 (thanks to the people who reported them): Subscribers can be subscribed more than once to the black list http://github.com/justingit/dada-mail/issues/closed#issue/38 Subscriptions are not logged in the usage log. http://github.com/justingit/dada-mail/issues/closed#issue/37 I've already issued fixes: http://github.com/justingit/dada-mail/commit/da28a68e155493a9af271c2af30e74207dae9038 http://github.com/justingit/dada-mail/commit/3c5fe179890f866026c51ffd98afea9bf4 ...Continue Reading

Here's the download links: http://github.com/downloads/justingit/dada-mail/dada-4_0_4.tar.gz http://github.com/downloads/justingit/dada-mail/dada-4_0_4.zip Here's the changelog: Changes 4.0.4 UTF-8 Issues MySQL, PostgreSQL, SQLite schema changes Some compatibility issues cropped up, regarding UTF-8/unicode character set/encoding in re: to the SQL schemas. The schemas for all supported SQL backends have been modified to better work, mostly by changing fields with type, text(320), to type, varchar(80). Other n ...Continue Reading