Subject: Re: Confirmation Required
From: Chuq Von Rospach <chuqui @ plaidworks . com>
Date: Fri, 5 May 2000 09:50:52 -0700
To: "Roger B.A. Klorese" <rogerk @ QueerNet . ORG>, murr rhame <murr @ vnet . net>
Cc: list-managers @ GreatCircle . COM
In-reply-to: <Pine . BSI . 4 . 10 . 10005050804200 . 14832-100000 @ castro . queernet . org>
References: <Pine . BSI . 4 . 10 . 10005050804200 . 14832-100000 @ castro . queernet . org>

At 8:07 AM -0700 5/5/2000, Roger B.A. Klorese wrote:

Follow Chuq's earlier points in this space.  It is his experience that
confirmation, even easy methods, are confusing to most new netters, and
they simply up and leave.  For him, that's a much more severe problem than
the occasional attack.  For me right now, I use confirmation, but I also
know that 25% or more of my potential subscribers give up either when they
can't get confirmation right the first time or when asked for it at all.
It's a web world -- people expect to click once and get what they're
looking for, not a body cavity search.

It depends on the list. It depends on the audience. And it depends on lots of other factors.

I'm all for mailback validation where it makes sense. Unfortunately, some folks seem to think it's a panacea, and that by definition, it's the only possible solution. That's an overly simplistic view of life.

The busier the list, the more mailback validation makes sense. Getting stuffed onto a twice-a-month list is a lot different than getting stuffed on sf-lovers. One is an inconvenience, the other can drown you before you know what happened. The busier the list, the more you have to protect people from it.

And FWIW, turning off mailback validation does not imply you leave your list open.

My lists that don't mailback validate do other things to limit the chances of someone getting slammed. For instance, I don't have an email access point for subscriptions, so the standard "slam subscribe" tools out there are useless. I can't be part of an automated attack. All subscriptions come through a web site (or in my case, one of four web sites, three of which I don't have direct control over, which complicates things. And that's an issue Murr doesn't seem to catch -- not all of these issues are things where you have final say on the matter).

The subscribe CGI should be protected from automated slam subscribes. How I'm doing this I won't say offhand, but email me privately if you want more details.

If you do these things, you limit slams to those where a user physically goes into the web site and types in an email address. Those still happen -- but the number is tiny.

The next level of defense is the welcome message. Every subscription gets one, and the welcome message includes multiple ways of unsubscribing, including a pre-encoded URL that takes you to the unsub page with the email address pre-loaded. It's literally a two-click operation. (It doesn't solve the problem of the person who won't read the mail, but...) Effectively, there IS a mailback validation here; it's opt-out instead of opt-in.

The next level of defense is that if you do this, you need to make sure you have administrative resources to answer and handle mail. The postmaster has to be available and responsive -- problems happen, they can't fester.

Finally, the system is set up to allow me to blackhole problem addresses and domains. If someone reports they're being repeatedly subscribed, they can be (and are) blackholed.

Not having mailback validation doesn't imply no protection. And to put it bluntly, I see a much higher incidence of problems on my "normal" listservs through info/subscribe bombs than I do through my big system. The big system was designed to avoid the automated bomber tools, and that in itself solves 99% of the problems.

There is no one true way of doing email systems. Those who think so need to widen their horizons. Life is complicated, email is exceptionally complicated, and simplistic "this is the only way things can work" responses are, oh, non-constructive. There are many different ways email is being used, with different audiences, and you need to target your solutions to your needs and audience.

Chuq Von Rospach - Plaidworks Consulting (mailto:chuqui @
plaidworks .
Apple Mail List Gnome (mailto:chuq @
apple .

And they sit at the bar and put bread in my jar
and say 'Man, what are you doing here?'"
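
Two of the layers described in this message, the blackhole check on addresses and domains and the welcome message carrying an unsubscribe URL with the address pre-loaded, shown as an added example that is not part of the original message or the author's system. The unsub URL, list name and blackhole entries are constructed, and the protection of the subscribe CGI itself, which the message does not describe, is left out.

```python
from urllib.parse import urlencode

# Constructed sample data: the URL and blackhole entries are assumptions.
UNSUB_PAGE = "https://lists.example.org/unsub"
BLACKHOLED_ADDRESSES = {"victim@example.net"}
BLACKHOLED_DOMAINS = {"bombed.example"}


def normalize(address):
    """Lower-case and trim an address; reject whitespace or a missing part."""
    address = address.strip().lower()
    local, sep, domain = address.rpartition("@")
    if (not sep or not local or not domain or "@" in local
            or any(c.isspace() for c in address)):
        raise ValueError("not a usable address: %r" % address)
    return address


def is_blackholed(address):
    """True if the address, its domain, or a parent domain is blackholed."""
    address = normalize(address)
    if address in BLACKHOLED_ADDRESSES:
        return True
    labels = address.rpartition("@")[2].split(".")
    # For mail.bombed.example, check that name, then bombed.example, then example.
    return any(".".join(labels[i:]) in BLACKHOLED_DOMAINS
               for i in range(len(labels)))


def unsubscribe_url(list_name, address):
    """Unsub-page URL with the address pre-loaded.

    urlencode percent-escapes '+', '&' and '@', so an address such as
    a+b&c@example.com survives the round trip instead of being split
    into extra query parameters or having '+' decoded as a space.
    """
    query = urlencode({"list": list_name, "email": normalize(address)})
    return UNSUB_PAGE + "?" + query


def handle_web_subscription(list_name, address):
    """Return the welcome message text, or None when the address is blackholed."""
    if is_blackholed(address):
        return None  # no subscription and no welcome mail is generated
    return (
        "You have been subscribed to %s.\n"
        "If you did not ask for this, unsubscribe here:\n%s\n"
        "or write to the postmaster.\n"
        % (list_name, unsubscribe_url(list_name, address))
    )
```

Because the address arrives through a web form rather than an email command, rejecting embedded whitespace in `normalize` also keeps a submitted value from carrying line breaks into the outgoing welcome message.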

