Have been watching this thread for a bit, and do have an opinion.
First of all, I see a lot of talk about 'COI' (Confirmed Opt-In), rather
than the term 'CDOI' (Confirmed Double Opt-in) and the reason I point it
out, is that there is a lot of loose definitions of both 'opt-in' and
'confirmed'.
While it might be more 'attractive' to offer a simple 'click to
confirm', why are you not using the more standard 'Please Reply To' this
message if you want to receive these messages?
This would solve the problem being discussed, and ensure that the
recipient truly wants your message.
On 16-05-26 08:06 AM, Alberto Miscia via mailop wrote:
This opens up for an interesting discussion.
We experienced the very same issue in the past for few customers and
enabling a captcha was the only viable option.
The "bots" (don't really know actually) managed to complete a COI
process with several free accounts.
Ip ranges were different some on CBL some not but blocking a listed IP
in a COI process can be dangerous.
For the very same reason I'd rule out e-hawk and alike.
The vast majority of the addresses were listed on cleantalk.org
The hidden link in the confirmation email (an HTML comment would work
better than a "white-on-white tiny font" from a
deliverabilityperspective) in may opinion is the way to go.
Even if it can be very tricky to implement, we are seriously
considering it to prevent bot clicks across the board.
HTH
Alberto Miscia | MailUp | Head of Deliverability & Compliance
2016-05-26 15:05 GMT+02:00 Vick Khera <vi...@khera.org>:
On Wed, May 25, 2016 at 6:04 PM, Al Iverson <aiver...@spamresource.com>
wrote:
I've heard John Levine propose the "hidden link to catch scanning
robots" solution but I've never heard of an email system implementing
I'm running through my head how that would work, and makes for some very
complicated state transition diagrams to go from "signup requested" to
"confirmed". What if they scan in parallel and the timing works out they
poked them in the opposite order, etc. I see a few new states and many
transitions, and some timeout based events. Not pretty.
it. Similarly, senders have often suggested that spamtrap systems
shouldn't follow links. (Security systems, sure, but don't do that
with spamtrap addresses.) And today I heard it suggested that it would
be wiser to have COI have a second click (probably an HTTP POST-based
What if the confirmation email button itself was a POST form rather than
just a GET to a page? Are scanning systems following POSTs too?
button) on the landing web page, to prevent security systems from
erroneously completing COI confirm steps. All good stuff, but it
I don't think you're going to get much buy-in for requiring so many clicks
to get activated. I know we already lose customer just for requiring COI.
Making the COI be more work for the subscriber will just make people go
elsewhere faster.
doesn't sound as though any of it has been widely broadcasted as a
best practice or requirement.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
------------------------------------------------------------------------
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada
This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
