On Mon, Apr 19, 2021 at 01:04 AM, Shal Farley wrote:
The invitation email contains a link "accept the invitation" which ISI noticed a similar security problem when my group first migrated to groups.io in 2019. I had set up a small task force to evaluate Mark's software before bringing all 1,000 members over from yahoo.com. Anyway, there's a footer at the end of every message distributed to my group:
Group Owner: firstname.lastname@example.org
During the exploratory period I noticed that people were posting replies to messages and quoting everything in the original message, including this "unsubscribe" link. This of course meant that any member in the group could unsubscribe the careless poster, if he wanted to, and knew how.
I believe I've educated my group members well enough that this never happens any more. At least, I haven't seen it in over a year. But careless people can definitely cause problems with "encrypted" links. Those ought not fall into the wrong hands. And it might make sense to strip them out of incoming messages from groups.io members. I told everybody this can only happen if you reply by email, and encouraged everybody to post their messages from the web site. But people are lazy, and sometimes careless. There's no way to "fix" that.
Canyon Lake, Texas