moderated Re: Member keeps being unsubscribed, and re-joins with settings he did not set #misc

Andy Wedge

Andy I,

On Thu, Feb 25, 2021 at 12:28 AM, Andy wrote:
So if person A forwards a group email to person B, and person B clicks on the "unsub" link in the footer of that email, person B should not be able to unsubscribe person A, unless person B also knows person A's login password -- right?
No. The Unsubscribe link in the email footer is personalised, in common with so many other mailing lists.  So if person A forwards an email with an unsubscribe link at the bottom, they are effectively giving away their credentials for that group and there is no need for person B to login to unsubscribe person A.  When the unsubscribe is completed in this way, sends one further email to the unsubscribed account address with a resubscribe link.

As I said, personalised unsubscribe links are used in many mailing lists and very commonly in advertising emails so it is not a specific feature of People either don't think or don't realise what they are sending when they forward these types of emails to others.  I make a habit of editing out any unsubscribe links if I forward an email to someone else.

  That was one of the concerns I had too.  Also if person B fakes person A's "from" email address and sends an email to the +unsubscribe address, there is a confirmation email that only goes to person A, so person B should not be able to confirm.
If receives an unsubscribe request via email (that apparently comes from person A), sends a confirmation email to the account address.  The 'From' address of the confirmation email contains the group name and two strings of numbers (which is personalised information for 'A'), and when a message is sent to that address, unsubscribes the account from the group. The message sent to that address would typically come from person A sending a reply but if person B has access to person A's email account then they could reply instead.  However, if person A forwards the confirmation email to person B (effectively giving away their credentials), then person B could send an email to that 'From' address and unsubscribe person A.  When someone unsubscribes via email, no email from with a resubscribe link is sent.

From my limited testing over a short period of time, the 'From' address on a unsubscribe confirmation email is unique to a person and group and may not be time limited so any message sent to that address at any time would unsubscribe that person/group combination.  Why they would come back into a group with different subscription options is a mystery to me. I believe (and someone correct me if I'm wrong) that using a re-subscribe link should keep the same settings but just going through a 'standard' join process, they should end up with the group defaults (those in Default Sub Settings).

Andy W

Join to automatically receive all group messages.