Hello Bill, > I refuse to participate in your research, as all evidence I have is that VT > is grossly unethical and allows incompetents to run research projects. I hear your frustration with this, and will not defend the measurements that took place in February. As outlined below, we will work on limiting our measurements to people that clearly opted in, and would appreciate feedback on that.
> So, are you REALLY opt-in? Holw do you authenticate that? Trusting what a > stranger types on a web page? > > That would be yet another abusive and incompoetent study design. Only trusting the address entered would be single-opt-in, and--as you note--insufficient. Instead, my current plan would be the following: - Enter email on website; - Receive a results URL with a random identifier - On that page, be requested to send an email from the entered email to 'opt-in@...'; Should be a) SPF compliant and b) Validly DKIM signed. - If an authenticated mail is received, we send a measurement email in reply and start to display the results - If an insufficiently authenticated mail is received we only display 'An opt-in message was received but failed SPF/DKIM/both authentication.' on the page without sending an email. The main issue I see with that design atm is that it allows any user behind an MTA to opt-in the whole setup; What might make more sense is restricting this to selected from addresses (postmaster@?). I would appreciate opinions on this. With best regards, Tobias _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
