important protection against accidental (but, IMO, badly
designed) or malicious bad behavior. So this specification
proposed a way to bypass those safeguards and protection?
No, of course not. The unsubscribe links in the mail this will affect are
invariably unique to the message's recipient with a hard to forge hash of
some sort. So if you have the message, you are the subscriber or the
subscriber gave the message to you.
I've talked at some length to the people at Gmail who plan to implement
this, and they've clearly dealt with more mail forgery than any of us.
By the way, in the US, it is not just poor practice to require
confirmation of unsubscribe requests for commercial mail, but under the
FTC's CAN SPAM rules, it is illegal to do so.
R's,
John