moderated Re: Expire invitations after 14 days #suggestion


On Mon, Apr 19, 2021 at 01:04 AM, Shal Farley wrote:
The invitation email contains a link "accept the invitation" which IS
effectively a login link. That is the problem that was reported,  ...
I noticed a similar security problem when my group first migrated to in 2019. I had set up a small task force to evaluate Mark's software before bringing all 1,000 members over from Anyway, there's a footer at the end of every message distributed to my group:

Group Owner:
During the exploratory period I noticed that people were posting replies to messages and quoting everything in the original message, including this "unsubscribe" link. This of course meant that any member in the group could unsubscribe the careless poster, if he wanted to, and knew how.

I believe I've educated my group members well enough that this never happens any more. At least, I haven't seen it in over a year. But careless people can definitely cause problems with "encrypted" links. Those ought not fall into the wrong hands. And it might make sense to strip them out of incoming messages from members. I told everybody this can only happen if you reply by email, and encouraged everybody to post their messages from the web site. But people are lazy, and sometimes careless. There's no way to "fix" that.
David Bryant
Canyon Lake, Texas

Join to automatically receive all group messages.