On 8/13/20 7:45 PM, Stephen J. Turnbull wrote:
That said, I have some ideas for how to make this safe for corporate Germany, specifically, keep a database of user-specific OTKs. (These could be time-limited -- with the server returning a "use a more recent message's URL message -- or permanent.) For the usera/userb reasons Mark gives, and the preview-url reason you give, this is *still* not going to be safe for discussion lists. But if the From: is <noreply@DeutscheKompany.co.de>, so you have to shoulder surf and have a photographic memory to get the user's unsubscribe URL, it should be reasonably secure for announce lists and newsletters.
I have experience with a one way email newsletter from Constant Contact. These have a link to unsubscribe and also a link to forward the email to someone else. We ultimately added our own
If you want to forward this email, please press the Constant Contact
"Forward this email" link below. If you use your
"forward" button, you might be unsubscribed.
note just above those links because people were forwarding the mail and getting unsubscribed when the person they forwarded it to clicked the unsubscribe link. The real pain is once a user is unsubscribed in this way, the mailing manager can't add her back. She has to personally deal with Constant Contact do get them to remove her from their "do not mail this address" list.
FWIW, our note seems to help reduce if not eliminate the problem.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan