>The idea that came up, which I really like, is to move the
>"authorization" token out of the e-mail space and into the web space.
>Instead of sending an auth string a user has to send back in a way the
>list server can process, you send the user a URL, which points in some
>customized way back to your web site. The web site can then verify the
>token and data, and use the admin password or whatever to sneak behind
>the standard list server mailback authorization.
Our plan was to have a seperate user registration system that includes
email verification that works much as you suggest. You give the system a
username, password and email address, it then mails you a URL which
includes a one off password. You then access that URL to have the account
enabed (and email address verified) or go a verification form and enter the
one off password. Once you're registered you should be able to effectively
fake mail from that verified email address to the mailing list system. We
currently only use this to allow you to post messages off the back of the
web archive but the intention (and it's not that much work) was to allow
you to get a list of mailing lists and subscribe/unsubscribe to these.
I'd still like to clean it up a little but you can try this at:
Here's the sort of message that you'd get back:
Thank you for registering with UK Citizens Online Democracy.
To fully complete the registration process, and validate your
email address please use a web browser to access the following
The details of your account are as follows (you may wish to store these
for later reference):