On Wed, May 25, 2016 at 6:04 PM, Al Iverson <aiver...@spamresource.com> wrote:
> I've heard John Levine propose the "hidden link to catch scanning > robots" solution but I've never heard of an email system implementing > I'm running through my head how that would work, and makes for some very complicated state transition diagrams to go from "signup requested" to "confirmed". What if they scan in parallel and the timing works out they poked them in the opposite order, etc. I see a few new states and many transitions, and some timeout based events. Not pretty. > it. Similarly, senders have often suggested that spamtrap systems > shouldn't follow links. (Security systems, sure, but don't do that > with spamtrap addresses.) And today I heard it suggested that it would > be wiser to have COI have a second click (probably an HTTP POST-based > What if the confirmation email button itself was a POST form rather than just a GET to a page? Are scanning systems following POSTs too? > > button) on the landing web page, to prevent security systems from > erroneously completing COI confirm steps. All good stuff, but it > I don't think you're going to get much buy-in for requiring so many clicks to get activated. I know we already lose customer just for requiring COI. Making the COI be more work for the subscriber will just make people go elsewhere faster. > doesn't sound as though any of it has been widely broadcasted as a > best practice or requirement. >
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop