At 11:56 PM 2002-11-22 -0500, Tom Neff wrote:
>--On Friday, November 22, 2002 11:37 PM -0500 murr rhame <murr@vnet.net>
>wrote:
>>I'm looking for a rehash of the whole debate on why confirmed
>>subscribes should or should not be. I'd just like to know what
>>situations folks find acceptable for not using confirmations.
>
>Well, here's one example, I have a set of 5-6 working groups that we set
>up after a strategic planning exercise. They're all going to be done and
>out of business in two months or less, and they're all comprised of busy,
>non "techy" people who agreed to communicate in this way because they were
>told it was easy and reliable. I just want them to be able to join,
>and/or put them in myself. I'm not worried that brp2340928348@yahoo.com
>is going to try to join and scarf the roster, I'm not trying to manage
>some 15-year-running sacred community with elders and hobbits and trolls
>and stuff, I'm just trying to get some working listspace going for people
>I *know* want to be there, with a minimum of BS.
Well, I disagree that confirming a subscription is BS, but to some extent,
it depends on how you get the e-mail addresses. I am constantly getting
rejected subscriptions. The characteristics of the rejected messages, when
I look at them, are of the latest spate of e-mail viruses. A subscriber to
list A who has the -subscribe address for list B recorded somewhere now
sends messages to the -subscribe address in the name of everyone they have
ever seen an e-mail from, including all of the active members of list A.
You can't assume that there was any intent by a user to do something with
e-mail just because e-mail arrives. When I converted to Mj2, I added
-subscribe and -unsubscribe addresses, and a couple months later, I started
to get notes that people were being unsubbed, again, when I looked at the
source mail, the mail looked klezzy, not malicious (the attachments were
gone, I demime all mail to command addresses). I decided to keep the
-unsubscribe addresses, but I added a note about random e-mail from klez to
the confirmations and I now confirm unsubscribes. I also confirm
subscribes, and I have gotten klezzy subscribes.
But back to the issue above. It is fairly clear that you do not understand
the purpose of confirmations. They exist mostly to protect the innocent
from your lists, secondarily to protect you from those who claim that you
have added them without their permission. That was almost a side effect.
The reason that lists added confirmations was upyours, as you may or may
not remember. They became an integral part of the war on spam
later. People who ticked someone off on IRC or a mailing list got added to
hundreds or maybe thousands of unconfirmed mailing lists. Someone just did
this to one of my mailing lists, they subscribed it to many mailing lists,
the good news is that there were not as many. You block topica, you block
about half of them. The list is confirmed, and limited postings to
subscribers, and simply accumulated a lot of unconfirmed posts (the list
was set up to confirm the postings with the poster before bothering the
moderator).
Running unconfirmed mailing lists, in my opinion, is anti-social. It is
sort of like leaving your liquor on your back porch, unlocked when you know
that the six year olds from next door occasionally look and see what is out
there. You have created an attractive nuisance that idiots will not be
able to stop themselves from abusing.
In a situation like the above, I have much less problem with you adding the
people yourself - the risk of being accused of spamming is on you in that
case, and one assumes that you have probably talked to them in person or
exchanged e-mail with them. There is a confirmation of sorts, it is just
not formal. I have a real problem with you leaving the "attractive
nuisance" around to be abused. Admins filter broadcast pings for the same
reason. It may not bother them much to send a few hundred packets out once
a second. It will, eventually, kill the recipient of the attack. The same
issue applies there. Not filtering the broadcast pings was like
maintaining an attractive nuisance around to be abused.
To specifically answer Murr's question, I would not have much of a problem
with, say, a sublist of a list being formed, and the person doing it
posting to the original list, "For the first two days, there will be no
confirmation, just send to this address." In that case, effectively there
is an exchange because of the timing and the limited audience --- this is
especially true if you do not generally allow your lists to be
listed. Once the existence of the list is widely known through list pokers
and search engines, then I have more of a problem with the list remaining
unconfirmed.
The same sort of amplifier/denial of service was used by the "upyours"
folks. They would subscribe some hapless victim to thousands of mailing
lists. It was not that they got thousands of confirmations --- once ---
they got tens of thousands of e-mails every day, and frequently just
abandoned their e-mail addresses rather than going through thousands of
unsubscribes. This was back when people like mail.com were advertising a
"lifetime e-mail addresses" and people considered their e-mail address
sacred --- I remember debates about whether commercial enterprises should
forward e-mail after people left employment and for how long. Causing
someone to abandon an e-mail address was a major coup, and no one had
filtering. These days you might not notice the mailing lists among the
spam. :-)
But, essentially, because spammers add people to lists wholesale and allow
them to unsubscribe, (opt-out) and because they have been known to claim,
"Gosh, all those addresses were added to the list at our web site. Maybe a
friend added your address?" it became essential to keep records and to
enforce confirmation strictly.
Personally, I think that not enforcing confirmation would be risky. I know
I could not run lists like that, my ISPs would bounce me. And having lived
through the upyours era, and having scifi.maid.com in the upyours list of
"amplifiers", my face was rubbed into exactly how antisocial that behavior was.
So, for me, very limited circumstances for unconfirmed lists. And no
excuses for permanent, automated, unconfirmed lists. People who run sites
like that are just bad neighbors who put the interests of the limited
number of list participants who are too stupid to subscribe over the good
of the net as a whole. If you really need to have a list that caters to
people who are too technically unskilled to confirm (but who, somehow, can
understand what e-mail is and how to send it) should manually manage the
subscriber lists for those lists and simply do their confirmation by
sending a short, English note of the sort, "Hi! We look forward to having
you on the list-for-the-technically-inept. I should warn you that the list
generates five emails per day on a busy day. That is not very many, but
some people think that is a lot. I will be happy to put you on the list if
you want, or we also have a digest. Which would you rather be on?"
There is absolutely no excuse for a list which can't have the subscriber
list manually maintained and can't confirm subscriptions.
--
If you doubt that magnet therapy works, I put to you this observation: When
refrigerators were first invented, in the 1940s, they were rather
unreliable, but then they became significantly more reliable. The basic
design of the refrigerator did not change, and we all know that quality was
important back then, so I doubt that newer refrigerators are made better.
Refrigerators have become more reliable because of the rise of the
refrigerator magnet.
Nick Simicich - njs@scifi.squawk.com
References:
|
|
