On 08/21/2017 02:08 PM, John Levine wrote:
There are plenty of anti-spam schemes that fetch all the URLs in a
message to see whether they're malicious. That's why ESPs usually
have a landing page with a confirm link, and why we wrote RFC 8058
which defines a one-click opt-out link that uses POST rather than GET,
since the URL malware fetchers all do GETs.
Why do single click?
Why not do confirmed?
I.e. you go to a page that asks you to "Click here to confirm that you
want to unsubscribe."?
I never understood the problem with (what I consider to be) double opt
in / out.
I'd also worry that the POST method is not distinct enough compared to
GET. (At least compared to double opt out.)
--
Grant. . . .
unix || die
------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe:
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org