On Wed, May 25, 2016 at 6:04 PM, Al Iverson <aiver...@spamresource.com>
wrote:

> I've heard John Levine propose the "hidden link to catch scanning
> robots" solution but I've never heard of an email system implementing
>

I'm running through my head how that would work, and it makes for some very
complicated state transition diagrams to go from "signup requested" to
"confirmed". What if they scan in parallel and the timing works out that they
poked them in the opposite order, etc. I see a few new states and many
transitions, and some timeout-based events. Not pretty.


> it. Similarly, senders have often suggested that spamtrap systems
> shouldn't follow links. (Security systems, sure, but don't do that
> with spamtrap addresses.) And today I heard it suggested that it would
> be wiser to have COI have a second click (probably an HTTP POST-based
>

What if the confirmation email button itself was a POST form rather than
just a GET to a page? Are scanning systems following POSTs too?


>
> button) on the landing web page, to prevent security systems from
> erroneously completing COI confirm steps. All good stuff, but it
>

I don't think you're going to get much buy-in for requiring so many clicks
to get activated. I know we already lose customers just for requiring COI.
Making the COI be more work for the subscriber will just make people go
elsewhere faster.


> doesn't sound as though any of it has been widely broadcasted as a
> best practice or requirement.
>
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
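The "second click" design discussed in this message, as an added sketch that is not code from either participant or from any mail system: the emailed link (GET) only renders a landing page, and only a POST from its button moves the signup from pending to confirmed. The `CoiStore` class, the 48-hour window and the in-memory storage are assumptions made for illustration, and the sketch assumes the scanner issues only GET/HEAD requests.

```python
import secrets
import time

TOKEN_TTL = 48 * 3600  # assumed confirmation window, in seconds


class CoiStore:
    """In-memory pending-subscription store (hypothetical stand-in for a database)."""

    def __init__(self):
        self._pending = {}      # token -> (address, issued_at)
        self.confirmed = set()  # addresses that completed COI

    def request_signup(self, address, now=None):
        """Create a pending signup and return the token to embed in the email link."""
        token = secrets.token_urlsafe(32)
        self._pending[token] = (address, now if now is not None else time.time())
        return token

    def handle(self, method, token, now=None):
        """Return (http_status, body) for a request to the confirmation URL."""
        now = now if now is not None else time.time()
        entry = self._pending.get(token)
        if entry is None:
            return 404, "unknown or already used link"
        address, issued_at = entry
        if now - issued_at > TOKEN_TTL:
            del self._pending[token]
            return 410, "link expired"
        if method in ("GET", "HEAD"):
            # Safe methods never change state: a scanner that fetches the
            # link only receives the landing page with the confirm button.
            return 200, '<form method="post"><button>Confirm</button></form>'
        if method == "POST":
            del self._pending[token]  # single use
            self.confirmed.add(address)
            return 200, "subscription confirmed"
        return 405, "method not allowed"
```

Because GET is idempotent here, the order and number of scanner fetches do not matter; the only state transitions are pending to confirmed (POST) and pending to expired (timeout).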
