by cameldrv 890 days ago
Requiring the user to log in to unsubscribe also has the nice effect of requiring them to know the password, otherwise they have to go through the reset procedure. Of course you need to be really secure and do 2FA as well.

Hey, if this reduces the number of people who successfully unsubscribe, don't blame me, I'm just over here trying to make sure things are secure!


Yep.

Don't want these marketing emails? Unsubscribe here.

Oh, you need to log in in order to do that.

No, that's the wrong password for your account. Forgot password?

Hm, we don't see your account existing. Probably a different email address?

... sigh... sent a couple of emails to the data protection contact listed, but after 5 years, I still get the emails and I occasionally try to log in again.

So I just automatically mark it as spam every time.

But probably because they're a small provider and don't have the resources; this is the largest telecommunications provider in Germany.

the standard approach is that unsubscribing sends an unsubscribe confirmation mail to the subscribed email address, replying to which confirms the unsubscription. nothing about logins or passwords or the web. this has been standard practice for 25–30 years
I have never seen anyone do that and I believe it has been literally illegal in the U.S. for the last 20 years. From https://www.ftc.gov/business-guidance/resources/can-spam-act...:

"You can’t [...] make the recipient take any step other than sending a reply email or visiting a single page on an Internet website as a condition for honoring an opt-out request."

this is not 'taking any step other than sending a reply email' and it's the standard way mailing lists managed with mailman or majordomo or ezmlm have worked for quite a bit longer than 20 years

also, according to that page, the can-spam act only applies to 'any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service', not to mailing lists

You keep talking about a particular style as though it is standard practice that's essential for security, even though it is both unusual and now illegal in many parts of the world.

I have not seen such an unsubscribe flow in more than a decade, at this point. I assume you're thinking of mailman or some other similar solution that was already dated two decades ago, let alone now.

something can simultaneously be standard practice in one community, essential for security, unusual in another community, and illegal in many parts of the world, though nobody seems to have found any laws against the standard mailman unsubscription mechanism in this thread

it is understandable that people who are not familiar with a cultural practice might seek to marginalize it, but that does not make it right

i don't really care about making life easier for people who send email advertisements (a cultural practice i am sadly all too familiar with) but i think discussion email lists are important and valuable, even if you personally don't participate in them

That’s gonna catch a report spam from me dawg
hopefully people like you won't be able to figure out how to subscribe to the mailing list in the first place
Not only that, it also requires them to accept your EULA/Privacy Policy before you let them unsubscribe.
requiring web access to subscribe or unsubscribe is unacceptable
There is a special place in hell for people who require login to unsubscribe