also it violates longstanding security measures against malicious prank unsubscribes; it means that if you forward an email list message to someone else, they can unsubscribe you without your consent as a prank
Requiring the user to login to unsubscribe also has the nice effect of requiring them to know the password, otherwise they have to go through the reset procedure. Of course you need to be really secure and do 2FA as well.
Hey, if this reduces the number of people who successfully unsubscribe, don't blame me, I'm just over here trying to make sure things are secure!
Don't want these marketing emails? Unsubscribe here.
Oh, you need to login in order to do that.
No, that's the wrong password for your account. Forgot password?
Hm, we don't see your account existing. Probably a different email address?
... sigh... sent a couple of emails to the data protection contact listed, but after 5 years, I still get the emails and I occasionally try to login again.
So I just automatically mark it as spam every time.
But probably because they're a small provider and don't have the resources; this is the largest telecommunications provider in Germany.
the standard approach is that unsubscribing sends an unsubscribe confirmation mail to the subscribed email address, replying to which confirms the unsubscription. nothing about logins or passwords or the web. this has been standard practice for 25–30 years
"You can’t [...] make the recipient take any step other than sending a reply email or visiting a single page on an Internet website as a condition for honoring an opt-out request."
this is not 'taking any step other than sending a reply email' and it's the standard way mailing lists managed with mailman or majordomo or ezmlm have worked for quite a bit longer than 20 years
also, according to that page, the can-spam act only applies to 'any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service', not to mailing lists
You keep talking about a particular style as though it is standard practice that's essential for security, even though it is both unusual and now illegal in many parts of the world.
I have not seen such an unsubscribe flow in more than a decade, at this point. I assume you're thinking of mailman or some other similar solution that was already dated two decades ago, let alone now.
something can simultaneously be standard practice in one community, essential for security, unusual in another community, and illegal in many parts of the world, though nobody seems to have found any laws against the standard mailman unsubscription mechanism in this thread
it is understandable that people who are not familiar with a cultural practice might seek to marginalize it, but that does not make it right
i don't really care about making life easier for people who send email advertisements (a cultural practice i am sadly all too familiar with) but i think discussion email lists are important and valuable, even if you personally don't participate in them
Forwarding an email should strip this header, probably along with most of the other irrelevant ones potentially containing sensitive information the user isn't aware of. Forwarding an email with GMail only keeps the From, To, Date and Subject headers.
> it means that if you forward an email list message to someone else, they can unsubscribe you without your consent as a prank
Surely that is a bug in the email client that forwarded the email. It should have replaced the headers, including List-Unsubscribe, with its own.
That looks to be what's happened in the emails I receive. The one exception would be if someone forwarded an email as an attachment, but in practice almost no one does that.
I haven't unsubscribed from a list in years, perhaps decades, despite being subscribed to a few. So I can only tell you from memory. In Thunderbird, I believe I've see a "List Unsubscribe" button in the list of actions available, alongside "Reply-All", "Edit as New" and so on.
In GMail I believe senders that have this implemented now have a big blue UNSUBSCRIBE button next to their email address at the top of the message.
- we're just about to discuss a contentious topic and vote on it. i bet bob and lauren will be opposed to our suggested solution. wouldn't it be nice if they accidentally happened to get unsubscribed for a few days without notice, so they can't rebut our arguments?
- adding a new member to the list requires a vote of approval of the existing members. bob apparently unsubscribed last week and now he wants to resubscribe. can we take a vote on whether to let him back in or not?
- when someone who isn't a member of the list attempts to post to it, we add their domain to the spam blacklist and report them to vipul's razor. hmm, weird that bob.example.com is on our spam blacklist, how could that happen?
- bob, i'm afraid i have to write you up for having violated the new company policy i posted to the policy-announce-important list last week. well, if you didn't read it, that's your problem
In other words, you made these scenarios up and you know perfectly well that they're unrealistic, but now the onus is on everyone else to prove you wrong.
As far as pranks go, this is one where I'll probably thank the prankster instead of being annoyed. Even stuff I'm subscribed to intentionally, I can live without if it went away.
according to https://www.ftc.gov/business-guidance/resources/can-spam-act... the can-spam act only applies to 'any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service' so it's irrelevant to mailing list discussions
Hey, if this reduces the number of people who successfully unsubscribe, don't blame me, I'm just over here trying to make sure things are secure!