On Sat, Mar 12, 2005 at 06:45:21PM +0000, Thomas Beale wrote: > > you can normally login and unsubscribe. However, I recognise > that there are those in the position described in this email. I > have recommended to the webmaster & sysadmin people to enable a > no-login email method of unsubscribing. I have suggested that > sending an unsubscribe message to the list-manager address (not > the list itself; I am amazed that anyone thinks that will > work!) will actually get them unsubscribed and send an email > saying so. In the case of malicious abuse (faked "from" > address), this reply email will alert someone who doesn't want > to be unsubscribed. Alternatively, in response to an > unsubscribe email we could make the list manager send an email > asking for confirmation (like yahoogroups) and responding to > that will get you unsubscribed. This way is slightly more > annoying but less open to malicious abuse. What would people > prefer? What is regarded as reasonable configuration on other > lists? >
Yes, Thomas, the 'unsubscribe' email method with reconfirmation is acceptable. My suggestion would be to retain existing 'Login' method and the email method as an alternate. A possible implementation would be: o Blank mail to: openehr-unsubscribe at openehr.org o Check the header for the "From: " ($from) field o If '$from' exists, send automated re-confirmatory mail with link to existing http://openehr.org/cgi-bin/whatever.cgi (with username varified from $from). o From there onwards the processes would be common (viz. the actual process still done by the web mechanism). Bish - If you have any questions about using this list, please send a message to d.lloyd at openehr.org
