Jered Floyd writes: > Is there any way to provide personalized List-Unsubscribe header > links,
Google should do it in their implementation -- they know which of dozens of equivalent addresses the post was sent to, and it's quite likely to be available in the header of the delivered post (and if not it's easy to add). For Mailman, not without adding a new feature. The current approach takes the sender of the "unsubscribe" message as the address to unsubscribe. While this is not currently hard to spoof, it does cut down on mere mischief. If spoofing becomes a problem, it would be sraightforward to check for From alignment, which should make spoofing very hard, as the overwhelming majority of users use providers who DKIM sign and check the login. An URL which specifies the address to unsubscribe would need to be authenticated in a different way, requiring a different command for a MAILTO URL, or a different scheme such as HTTPS. > or have Mailman ignore dots in gmail.com addresses... I think we already canonicalize addresses to lowercase, and I'm unaware of problems with that, as apparently essentially all providers ignore case. Theoretically we could do that, but ... catering to Google breakage?! I'll do it for money, maybe somebody else will volunteer. If we're talking about a new feature, I think the most straightforward approach is to use RFC 8058[1] "one click" URLs. I believe it is already implemented by Gmail and Yahoo, I don't know about Outlook or the open source MUAs. This would require a substantial (but straightforward[2]) addition of code, and of course personalized delivery (I don't know if anyone balks at that any more, though). > or... anything? I'm finding reported spam percentages > in the Google Postmaster Dashboard exceeding 0.1%, which causes > massive delivery blocking to GMail-based subscribers. That's obnoxious. If they can get reported spam rates down to 0,1%, almost certainly 90% of reports are subscriber malfeasance or incompetence! > While I would gladly ban everyone who uses gmail, that sadly > accounts for about half of the Internet today and would be > incredibly unproductive. Aw, c'mon, be a hero! (^^) Gmail has gotten so enshittified, but it just doesn't seem to matter, does it. Footnotes: [1] https://datatracker.ietf.org/doc/html/rfc8058 [2] That is, we'd need to add a new location in Postorius and code to accept POST access to it, encrypt/decrypt functionality to handle an opaque token (to prevent automated denial of service by folks without access to the person's email) or a table of one-time tokens with expiration (same purpose, and expiring so the database doesn't grow infinitely). What we wouldn't need to do is to change any exsting code. _______________________________________________ Mailman-users mailing list -- mailman-users@mailman3.org To unsubscribe send an email to mailman-users-le...@mailman3.org https://lists.mailman3.org/mailman3/lists/mailman-users.mailman3.org/ Archived at: https://lists.mailman3.org/archives/list/mailman-users@mailman3.org/message/FHRBNF3W25NUOBCAVTXSZE4Z3H6WHGPR/ This message sent to arch...@mail-archive.com
