Jeremy Blackman <[EMAIL PROTECTED]> writes:
> In other words, still allow the list admin to subscribe anyone, since too
> many legitimate lists use it, and in the 'you joined' notice message,
> offer not only a way to unsubscribe (since often times when they get the
> unsubscribe notice, malicious users of those systems will simply
> resubscribe you) but a way to say 'regardless of what the list admin says,
> I want off this list permanently'.
Unfortunately this probably won't work.
Spammers will not be inconvenienced by it in the least, since they can
continue to paste thousands of addresses in the mass-subscribe hole and add
people to the FREE MONEY NOW list -- immediately followed by the inaugural
FREE MONEY message itself of course -- secure in the knowledge that only a
fraction of the victims will bother to remove themselves... and that anyone
who does has just verified a "GOLD!" email address in the process. (The
classic Opt-Out Fallacy in action)
Legitimate list owners are probably already providing their legitimate
members with enough info on removing themselves as it is, without extra help
from the Half-Measures Dept.
I understand that there is a legitimate need (especially but not only in
Egroups's eyes) for legitimate listowners to be able to PORT their lists
over to Egroups from another service or software package. The trick is how
to distinguish this from spammers doing mass subscribes of victims. I have
a few suggestions for Egroups to consider.
One suggestion is that the number of LEGITIMATE wholesale list migrations to
Egroups from elsewhere, per day, could not be very large. A customer
service representative inspecting the transaction would probably have very
little difficulty telling the difference between, say, Model-Rockets-L
changing homes, versus SCHWING-XXX DIET SUPPLEMENT trying to add 9,000
people from AOL. So you tell list owners that bulk subscribes take a day to
process, and you vet them before saying yes. If you have any doubts you
request further verification.
Another suggestion is that Egroups should take care to "salt" the web with
telltale marker email addresses (which are never disclosed), the appearance
of any one of which in a bulk subscribe becomes prima facie evidence of a
rip job.
A third suggestion is that, for any given list, mass migrations are RARE.
Therefore it would be reasonable, if a bulk subscribe passes all other
kosherness tests, to send an OPT-IN message - containing NO material written
by the list manager whatsoever beyond the name of the list and the manager -
to each address in the bulk subscribe list, requesting a mailed or webbed
confirm before their subscription takes effect. Now, THIS message could
contain as one of the possible responses "no, and never send me one of these
opt-ins again either." That would cover the abuse case where you find
yourself saying no-thanks to eight opt-ins a week. Remember that any
LEGITIMATE list owner who plans to migrate her or his list to Egroups has
ample opportunity beforehand to tell all the members, ON THE OLD LIST, what
is happening and what they need to do to make sure they're included in the
move. (In fact, Egroups could provide a standard form of this announcement
for cut+paste by list managers as part of a "Migration Kit.")
I hope Egroups is still reading this. Maybe I'll Cc that apologizing person
as well.
--
Tom Neff
