On Thu 29/Jun/2023 04:46:35 +0200 Sebastian Nielsen via mailop wrote:
See RFC 8058 on doing one-click unsubs in a way unlikely to be mistriggered.
It's a good idea, but don't count on all MUAs implementing this function, so
best here is to have both, if request arrives from the RFC 8058 header, treat
it as secure enough to warrant one-click, but if it arrives through the
unsubscribe link in the email itself, require an extra click on a button.
It can well be the same form. In PHP:
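    // $address, $ok and $bad are set by the application's own unsubscribe code
    if (isset($_POST["List-Unsubscribe"]) &&
        $_POST["List-Unsubscribe"] === "One-Click")
    {
        // do the unsubscribe
        if ($ok)
        {
            http_response_code(202);
            // escape the address before echoing it back
            return htmlspecialchars($address) ." successfully unsubscribed";
        }
        http_response_code(500);
        return $bad;
    }
    // no One-Click field in the request: show the manual form
    http_response_code(200);
    // $_SERVER["PHP_SELF"] is request-derived, so escape it inside the attribute
    return '<form action="'. htmlspecialchars($_SERVER["PHP_SELF"]) .'" method="POST">
    <fieldset><legend>Manual unsubscribe</legend>
    <label for="List-Unsubscribe">Enter "One-Click",
    see <a href="https://www.rfc-editor.org/rfc/rfc8058">RFC
    8058</a></label>
    <input type="text" id="List-Unsubscribe" name="List-Unsubscribe">
    <input type="submit"></fieldset></form>';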
Best
Ale
--
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
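
Added example, not code from the thread or from any poster: one way to build the two RFC 8058 header fields with a hard-to-forge token in the URL, and to decide between the one-click path and the confirmation form discussed above. The key, the URL, the token layout and the function names are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Placeholders (assumptions, not values from the thread).
const UNSUB_KEY = 'replace-with-a-long-random-secret';
const UNSUB_URL = 'https://lists.example.org/unsub.php';

function b64url(string $raw): string {
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

// Token layout (assumed): b64url(address "\n" list) "." b64url(HMAC-SHA256).
function make_token(string $address, string $list): string {
    $payload = b64url($address . "\n" . $list);
    return $payload . '.' . b64url(hash_hmac('sha256', $payload, UNSUB_KEY, true));
}

// Returns [address, list], or null when the token is forged or mangled.
function check_token(string $token): ?array {
    $parts = explode('.', $token);
    if (count($parts) !== 2) return null;
    $expect = b64url(hash_hmac('sha256', $parts[0], UNSUB_KEY, true));
    if (!hash_equals($expect, $parts[1])) return null;   // constant-time compare
    $raw = base64_decode(strtr($parts[0], '-_', '+/'), true);
    if ($raw === false) return null;
    $fields = explode("\n", $raw, 2);
    return count($fields) === 2 ? $fields : null;
}

// The two header fields the sender adds to each outgoing message.
function unsubscribe_headers(string $address, string $list): array {
    return [
        'List-Unsubscribe: <' . UNSUB_URL . '?t=' . make_token($address, $list) . '>',
        'List-Unsubscribe-Post: List-Unsubscribe=One-Click',
    ];
}

// What the endpoint should do: 'unsubscribe', 'confirm' (show form) or 'reject'.
function decide(string $method, array $get, array $post): string {
    $t = $get['t'] ?? '';
    if (!is_string($t) || check_token($t) === null) return 'reject';
    $oneClick = $method === 'POST'
        && ($post['List-Unsubscribe'] ?? '') === 'One-Click';
    return $oneClick ? 'unsubscribe' : 'confirm';
}

// Constructed sample requests.
$t = make_token('user@example.com', 'news');
echo implode("\n", unsubscribe_headers('user@example.com', 'news')), "\n";
echo decide('POST', ['t' => $t], ['List-Unsubscribe' => 'One-Click']), "\n";
echo decide('GET', ['t' => $t], []), "\n";
echo decide('POST', ['t' => $t . 'x'], ['List-Unsubscribe' => 'One-Click']), "\n";
```

RFC 8058 also requires a valid DKIM signature that covers both the List-Unsubscribe and List-Unsubscribe-Post header fields, which this sketch leaves to the sending MTA.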