
Re: [Asrg] FeedBack loops

2008-11-14 09:42:12
On Fri, Nov 14, 2008 at 08:18:31AM -0500, Chris Lewis wrote:
> The MAAWG sender BCP talks about saying that unsubs should be a "single
> action", and not require any additional information (eg: "confirmation
> cycle" or password).
>
> Each email message's unsub links should contain everything needed to do
> an unsub in one action - the user doesn't need to know another password,
> and then goes on to say that if malicious unsubscriptions are a concern,
> that "everything" could include a magic cookie that only the recipient
> of the email sees (in the link) that serves as a password for the unsubs.

This sounds reasonable, but I have some concerns with it.

First, it requires sending individual messages to each subscriber,
doesn't it?  Which in turn increases mail traffic, because it's no
longer possible to deliver the same message to some/all subscribers
at a given MX.

Second, I'm concerned that the lack of a closed loop will be exploited.
Granted, to date, that exploitation seems to be pretty much limited to
nuisance unsubscription requests, and granted, I don't think we've seen
anything else -- yet.  But this makes me uneasy, because (as I've learned)
the adversary has on occasion shown considerable ingenuity in exploiting
openings we'd previously considered inconsequential.  Let me think about
this for a few days and see if I can't come up with something more tangible.

---Rsk
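The "magic cookie" in the quoted BCP text is usually realised as a keyed MAC over the recipient address, so that the unsubscribe link only works for the address the message was delivered to. The following is an added illustration, not code from this thread or from the MAAWG BCP; the list id, issue id, addresses, URL and the secret are constructed for the example. It also makes the first concern above concrete: because the token is bound to the recipient, every recipient's copy differs, so one body can no longer be delivered once for several subscribers at the same MX. Note that the cookie only stops third parties who never saw the message; anyone holding the delivered copy can still use the link.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed example secret. A real deployment loads this from a secret
# store and keeps old keys valid while older issues are still in inboxes.
LIST_SECRET = b"constructed-example-secret-not-for-production"


def unsub_token(list_id: str, recipient: str, issue_id: str) -> str:
    """Per-recipient cookie: HMAC-SHA256 over (list, recipient, issue).

    Only someone holding the copy delivered to `recipient` sees this value,
    so it plays the role of the "password" the BCP describes without the
    user having to remember anything. NUL separators keep field boundaries
    unambiguous ("a|bc" vs "ab|c").
    """
    data = "\x00".join((list_id, recipient, issue_id)).encode("utf-8")
    mac = hmac.new(LIST_SECRET, data, hashlib.sha256).digest()[:16]
    return base64.urlsafe_b64encode(mac).decode("ascii").rstrip("=")


def unsub_link(base_url: str, list_id: str, recipient: str, issue_id: str) -> str:
    """Build the one-click link to embed in the copy sent to `recipient`."""
    params = {
        "list": list_id,
        "addr": recipient,
        "issue": issue_id,
        "t": unsub_token(list_id, recipient, issue_id),
    }
    return f"{base_url}?{urlencode(params)}"


def verify_unsub_link(url: str) -> bool:
    """Server side: honour the request only if the cookie matches the address.

    Recomputing the MAC from the query parameters means the server stores
    nothing per link; constant-time comparison avoids leaking the tag.
    """
    query = parse_qs(urlsplit(url).query)
    try:
        list_id, addr, issue, tok = (query[k][0] for k in ("list", "addr", "issue", "t"))
    except KeyError:
        return False  # missing parameter: treat as an invalid request
    expected = unsub_token(list_id, addr, issue)
    return hmac.compare_digest(expected.encode("ascii"), tok.encode("ascii"))


if __name__ == "__main__":
    base = "https://lists.example.org/unsub"  # constructed
    alice = unsub_link(base, "asrg", "alice@example.org", "2008-11-14-1")
    bob = unsub_link(base, "asrg", "bob@example.org", "2008-11-14-1")
    print("alice:", alice)
    print("bob:  ", bob)
    print("genuine link accepted:", verify_unsub_link(alice))
    # Swapping the address but keeping Alice's cookie must be rejected.
    print("tampered link accepted:", verify_unsub_link(alice.replace("alice", "bob")))
```

Run it directly to see that the two subscribers' links differ only in the address and cookie, and that editing the address without the matching cookie is rejected.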

_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
https://www.irtf.org/mailman/listinfo/asrg
