[Mailman-Developers] one-click unsubscribe
Jim Gottlieb
jimmy-ml at nccom.com
Thu Jan 29 04:31:46 EST 2004
On 2004-01-29 at 00:23, Barry Warsaw (barry at python.org) wrote:
> When you say "VERP-like" I think you mean more along the lines of a
> mail-merge or content personalization feature.
What I meant was using a string including a random number, like what is
done for confirmations. It's not really related to VERP. That was a
poor choice of words.
> You have to do this in an unguessable way, otherwise, attackers can
> simply unsubscribe anybody they want from a mailing list.
Right. That's what I was talking about.
> I believe I have a way to limit, based on list configuration, such
> "$mm:" substitutions to the headers and footers, or to allow such
> substitutions to occur anywhere in the message text (headers, body, and
> MIME attachments included).
That sounds encouraging.
More information about the Mailman-Developers
mailing list