On Fri, Mar 23, 2018 at 06:58 am, Shal Farley wrote:
Yup. The +subscribe email command may have been spoofed. If the person is logged in to the web site that's not a concern.You assume the person is already a groups.io member and CAN log in. But if the person is not yet a groups.io member and they request membership via the web, they may not have entered their own or a valid email address. Why is the Pending Subscription notice not held until after they confirm in that case, also? Or is it, and it's just that Mark did not include this case in his write-up?
I think Mark could safely remove the confirmation requirement for any +subscribe commands where the sender can be authenticated.This sounds a lot better.
One thing that Yahoo Groups does is log the +subscribe receipt itself,That would help as well. It is vexing that moderators are not even informed, in any way, shape, or form, that the person has applied for membership. Sometimes we will hear, from outside the system, from someone telling us, or posting on some FB group, that they've "just applied and are waiting for acceptance." And then several days go by, and we hear and see nothing. Or we will see that they've posted that in some other FB group. Yet we have no knowledge or record of the request and don't know how to help them, or we think that something has gone awry. I am constantly having to repeat and repeat to people, "Check you inbox and your spam folder" and then repeat that "sometimes, emails from groups.io goes into spam folders." I don't like to blast that all over FB groups, or PM people about it whom I don't know (assuming that I have any way to reach them at all). At least if there were a log entry with the email address, we'd have knowledge that they applied and who they are, and that they applied via email and need to confirm.
Not that those are particularly well worded. Many mods of restricted groups have been shocked to see "membership confirmed" in the log for people they haven't approved - but that's not what happened. The later entry ought to have said "Membership request confirmed via email".I agree that a lot of this is poorly worded. If I can get a precise sequence of events (including the "ignored" notifications to mods), I could make some overall suggestions. But obviously, I still lack some details of what's actually going on and why.
That's because this is confirming that they sent the +subscribe command. It is unrelated to confirming their email address as part of getting their account set up.In that case, that particular email needs to be re-worded as well. It currently refers to the person's interest "in groups.io and xyz group," as if they're not already a member of groups.io (and I will not send Mark the example because I now see that this is working as intended, although I think the "as intended" part could use some tweaking, as we are discussing).
Messages are the sole opinion of the author, especially the fishy ones.
I wish I could shut up, but I can't, and I won't. - Desmond Tutu