
Re: [Asrg] FeedBack loops

2008-11-14 12:29:37


--On 14 November 2008 05:54:34 -0800 SM <sm(_at_)resistor(_dot_)net> wrote:

> It's better not to wait for the unsub attacks to prevent it from
> happening.  Sometimes we may take an action based on the information we
> receive from a list.  Without the confirmation, we would not be aware
> that the information may no longer be available to us.


You can close that gap with a notification message, which gives access to the missing information. Something like this:

Click here if you didn't mean to unsubscribe.
Click here to see the messages you've missed.
Click here to protect your subscription.

> Each email message's unsub links should contain everything needed to do
> an unsub in one action - the user doesn't need to know another password,
> and then goes on to say that if malicious unsubscriptions are a concern,
> that "everything" could include a magic cookie that only the recipient
> of the email sees (in the link) that serves as a password for the unsubs.
>
> Sometimes the subscriber resends the message, including full headers.
> The magic cookie is then disclosed to third parties.

Yes, so it would be best practice for mail clients not to do that by default. It would also be sensible to have a time-sensitive cookie, to reduce the window of opportunity for abuse, and to limit repeat attacks.

--
Ian Eiloart
IT Services, University of Sussex
x3148
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
https://www.irtf.org/mailman/listinfo/asrg
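As an added example, not code from this thread or from any list software discussed in it, the following Python shows one way to build the kind of unsubscribe "magic cookie" the reply describes: a token carried in the link that identifies the recipient without a separate password, that expires after a fixed window (so a forwarded message with full headers is only useful to a third party for a limited time), and that can be redeemed only once (limiting repeat attacks). The names SERVER_SECRET, make_unsub_token and UnsubService, the seven-day lifetime and the sample addresses are all assumptions made for illustration; the "now" argument is passed in explicitly so the expiry check can be exercised without a real clock.

```python
"""Time-limited, single-use, HMAC-signed one-click unsubscribe tokens (added example)."""
import base64
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed example secret; a real deployment loads it from protected configuration
# and rotates it. Anyone holding it can mint tokens for any subscriber.
SERVER_SECRET = b"constructed-example-secret-do-not-reuse"
DEFAULT_TTL = 7 * 24 * 3600  # assumed lifetime: seven days after the message is sent


def _b64e(raw: bytes) -> str:
    """URL-safe base64 without padding, so the token survives inside a link."""
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _body(subscriber: str, list_id: str, expires: int) -> str:
    # Fields are base64-encoded individually so a "." in an address cannot
    # shift the field boundaries the verifier relies on.
    return f"{_b64e(subscriber.encode())}.{_b64e(list_id.encode())}.{expires}"


def _sign(body: str) -> str:
    return hmac.new(SERVER_SECRET, body.encode(), hashlib.sha256).hexdigest()


def make_unsub_token(subscriber: str, list_id: str, issued_at: int, ttl: int = DEFAULT_TTL) -> str:
    """Token to embed in the per-message unsubscribe link; binds recipient, list and expiry."""
    body = _body(subscriber, list_id, issued_at + ttl)
    return f"{body}.{_sign(body)}"


@dataclass
class UnsubService:
    """Redeems tokens; the in-memory set stands in for a persistent store of used tokens."""
    used: set = field(default_factory=set)

    def redeem(self, token: str, now: int) -> tuple:
        """Return (ok, reason). Signature is checked before anything else is trusted."""
        parts = token.split(".")
        if len(parts) != 4:
            return (False, "malformed")
        body = ".".join(parts[:3])
        if not hmac.compare_digest(_sign(body), parts[3]):
            return (False, "bad signature")
        try:
            expires = int(parts[2])
            subscriber = _b64d(parts[0]).decode()
            list_id = _b64d(parts[1]).decode()
        except (ValueError, UnicodeDecodeError):
            return (False, "malformed")
        if now > expires:
            return (False, "expired")  # window closed: a leaked link is no longer usable
        if token in self.used:
            return (False, "already used")  # blocks replay of a disclosed link
        self.used.add(token)
        return (True, f"unsubscribed {subscriber} from {list_id}")


if __name__ == "__main__":
    sent_at = 1_000_000  # constructed timestamp
    token = make_unsub_token("alice@example.org", "asrg", sent_at)
    svc = UnsubService()
    print(svc.redeem(token, sent_at + 3600))                # (True, 'unsubscribed ...')
    print(svc.redeem(token, sent_at + 3600))                # (False, 'already used')
    print(UnsubService().redeem(token, sent_at + DEFAULT_TTL + 1))  # (False, 'expired')
```

The token carries the subscriber and list identity in the clear (base64 is encoding, not encryption); what stops a third party who sees a forwarded message from unsubscribing other people is that the HMAC covers those fields, so changing the address invalidates the signature. The expiry and the used-token store are the two controls the reply asks for: a bounded window of opportunity and no repeat use.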
