[Mailman-developers] what to do with confirmation of web based subscriptions

[Barry A. Warsaw]

>>>>> "S" == Scott  <scott@chronis.pobox.com> writes:

    S> i'd like to make it impossible for a
    S> person to subscribe some other unconsenting person to a
    S> mailling list.

...while still allowing someone to subscribe to a list using a
perfectly valid alternative address.  Scott, I haven't seen your
patches, but I know that other ML managers handle this in a useful
way.  They will send a confirmation email to the alternative address
that contains a partially random string.  The user need only reply to
the message and include verbatim this string.

This seems like a small hurdle to impose given the important nature of 
this defense.  A small explanation included with the email (along with 
a link to a detailed Web page) would go a long way to easing any
inconvenience.

    S> the only reason i can think of is that people don't want
    S> subscribing to involve two steps.  i don't personally find this
    S> valid given the nature of folks to abuse such services.

I highly agree!

-Barry