On 20/01/2021 10:50, Stefano Bagnara via mailop wrote: > I'm looking for brainstorming and updated industry "standards" from people > handling outgoing SMTP services or ESP exporting APIs to "request > subscriptions" (confirmed opt-in).
How about a web-based process to confirm opt-in? Domains could opt into it by a DNS TXT record providing the URL of a confirmation service. This would function something like OpenID and the result would be a confirmation or rejection of the subscription. Some kind of time-limited attestation URL could be used to allow the result to be relayed elsewhere for further processing. Potential issues with this include widespread phishing (because the user won't check they're on their provider's website) and providers gaining detailed insight into mailing list subscriptions (but they can imply those already by the email received). Optimisations could include the provider approving some subscriptions without user interaction if the intent is solely to prevent subscription bombing (but it would be nice to have true confirmed opt-in processes). It would take time to be adopted but it would put an end to "enter your email address" forms accepting anything that is entered. -- Simon Arlott _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
