On Tue, 5 Feb 2002, E M wrote: > .: Problem :. > While Intel requires you to login to modify account information, it does not > require you to login to remove your e-mail (or any e-mail) from its mailing > list database. This is nothing new. The web interface is new, but being able to remove users from mailing lists without any verification is not. Many mailing lists - especially large volume ones - will remove any address that bounces. Creating a forged bounce request is quite trivial. The fix for this requires sophisticated bounce tracking software. The only real way to fix this problem is to send each recipient a message with a custom-encoded FROM envelope address, such as: bounce-<user-id>-<security-key>@example.com Where the user-id is some sort of database identifyer and the security key is simply a random number kept in the database to prevent malicious activity (it could also be some sort of cryptographic code). When the example.com mail server receives a message to bounce-xxx-yyy@example.com, it checks the security key, verifies that the bounce is a permanent bounce, and deletes the user. You can also do something similar with WWW removal links: Click http://remove.example.com/<user-id>/<security-key> Most mass mailing systems don't do any of this, though, since this requires sending a unique message to every recipient. Instead of sending one body with lots of envelope addresses to, say, AOL, you end up sending lots of complete messages - including duplicate copies of the body - to AOL. -- Joel Maslak
