Nothing personal, but for interop purposes, the opinions of ops people
at large mail systems matter a lot more than your opinion or mine.
They may have their views, but the spec is for the world at large,
and I do think that the "email unsubs may DoS the sender" rationale
will be seen as a feature and not a bug by many potential adopters.
We can provide a more broadly useful rationale.
We seem unable to agree on why we're not doing one-click mailto:, and in
any event since we're not doing it, it's irrelevant to the spec, so I
commented the paragraph out of -06.
There's a reason why browsers send "Origin:" headers, the MUA should
do the same when doing POST requests based on email headers.
MUAs have been doing GETs and, for messages with forms in them, POSTs
for over a decade. What origin headers do they send now? Why is this
different?
R's,
John