From: Kee Hinckley <nazgul(_at_)somewhere(_dot_)com>
...
4. If User does not not confirm by either replying (From/Reply-To) or
clicking on the confirmation url....
Clicking on confirmation URLs turns out to be a bad idea. Anything
that reveals the contents of the message can cause confirmation by bad
third parties, or plausibly deniable opt-out pretending to be opt-in.
For example, there is a robot that "clicks" on all URLs seen in
news.admin.net-abuse.sightings with a very few minutes after your NNTP
server transmits. (If you run an HTTP server, you can check this with
the obvious test. Except for the IP address, I don't know who or
why.) A few days ago I received an unsolicited, probably bulk
"confirmation" to some "auction" mailing lists. I censored at least
some of the confirmation URLs and reported it to NANAS to make a record
in case it was bulk. A day later I received a "welcome" notice from
the lists and stuff started flowing. Did I miss one of the URLs in
a perfectly innocent confirmation or was the "confirming" just a
pretense? You tell me, because I don't know.
If you run a mailing list, there is no substitute for a message in
your logs with trustworthy Received headers pointing to the subscribing
address so that you can defend yourself from idiots crying "SPAM!" to
unsubscribe.
Vernon Schryver vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg