Brad Knowles wrote: >Bill Honneus (honneus) wrote: > >> When a user subscribes or unsubscribes from a mailing list, they are >> sent an email confirmation and must click a link on the web interface or >> reply to the email to confirm their subscription/removal. One of our >> engineers is creating a portlet on a web application, and what he wants >> to do is allow the user to be immediately subscribed as soon as they >> click a link. Is there a way to configure Mailman so that a user is >> immediately subscribed or removed without the confirmation process? > >It's easy enough to do with the command-line tools, if you know what you're >doing.
Or see some of the results from <http://www.google.com/search?q=site%3Amail.python.org++inurl%3Amailman++wget>. >> Alternatively, if we were to write some custom code on our application, >> could we simply call the subscribe cgi script, and then send the >> confirmation request from the application without asking the user for >> further input? >> >> Please let me know if this is a sound approach. > >I would strongly encourage you folks to *NOT* do this. It's so easy to >abuse these kinds of systems and sign someone up for a billion different >mailing lists. > >There's a reason why the default with Mailman is so that the user has to >confirm their subscription request. I see in another reply that you plan on verifying the user via your web application before the subscribe/unsubscribe. This is fine, but you have to be sure that you protect against a user viewing the html source of your request form and figuring out how to post a (un)subscribe request to your application. In other words, you have to protect against one validated user (un)subscribing other users. -- Mark Sapiro <[EMAIL PROTECTED]> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp