Date   

moderated Re: include dropdown for actions on topics in topic search results #suggestion

Bob Bellizzi
 

The way I get around this shortcoming is to have (at least) two tabs open on the browser (or two browser windows); use one for the serching and use the other the do any editig, etc.
--

Bob Bellizzi

Founder, Fuchs Friends ®
Founder & Executive Director, The Corneal Dystrophy Foundation


moderated Re: Email +Unsubscrbe command send-and-done #suggestion

 

Mark,

I wrote:

I think SPF is sufficient. All you need to know is that the domain in
the From address allows the IP address that delivered the message as
a legit sender.
I should note that I'm proposing an unconventional (and possibly incorrect) use of SPF - I intend this test to be made after the message has been accepted (past whatever connection-time tests you use) and to be testing the domain in the RFC-5322 From address, not the envelope-from address. In this way it is a little like DMARC, but I don't think that the DKIM test used in DMARC is relevant - email commands don't care about the message body.

Shal

--
https://groups.io/g/Group_Help
https://groups.io/g/GroupManagersForum


moderated Email +Unsubscrbe command send-and-done #suggestion

 

Mark,

My answer to Helen in the "Changes to /leave email link" topic[1] brought this to mind. I've mentioned this before, but buried in an older thread about the /leave link[2]. Figured this deserves its own topic because it can be implemented independently of anything involved with the /leave link, and would be a substantial improvement to email commands.

A weakness of the +unsubscribe mechanism as implemented is that
members tend to think it is "send-and-done" but it is not. The
+unsubscribe command sends back a verification email, and the member
must receive that email and reply to it to complete their
unsubscription. If the member doesn't see the verification message
then the unsubscribe attempt fails."
[1]https://beta.groups.io/g/main/message/15060

Then as long as you have reasonable verification of the authenticity
of the received email command (say, it passes DMARC) you can act on
the unsubscribe (or any other command) without further confirmation
[2]https://beta.groups.io/g/main/message/1587

Thinking on it since then, I think SPF is sufficient. All you need to know is that the domain in the From address allows the IP address that delivered the message as a legit sender. In that case you know that the command wasn't forged, and you can safely act on it without further verification.

If for any reason you can't use SPF, or the email fails SPF, then revert to the current behavior: send and require a verification request email.

In the case of an unsubscribe, I would recommend the "nice" step of sending back a polite "goodby" notice - and that could include a "resume your subscription" link in case the user regrets the action, or the command passed SPF yet was still forged.

The only way that I can think of that an email command could pass SPF yet still be forged is if that email service allows its users to forge each others' email address. I don't think I've ever heard of such a case but that doesn't mean it doesn't exist. The mechanism might need to have an exclusion list for any services found to have that flaw. Hopefully that list will remain forever empty.

Shal

--
https://groups.io/g/Group_Help
https://groups.io/g/GroupManagersForum


moderated Re: Changes to /leave email link

 

Thanks, Shal. I'm only interested in the e-mail option, so I'm glad to hear Mark will not be making any changes to it. Thank you, Mark.

The verification e-mail requirement is no different to how it worked (maybe still does) with yahoo!groups, and I had few problems with that over the years. Andre made a valid point about blind members. I have a few blind members on my groups and we do endeavour to help them as and when necessary, as I'm sure Mark does too.

HTH

Helen

Shal wrote

As Mark pointed out this morning there is already the email +unsubscribe command, and it is not going away. Having the footer unsubscribe link be a mailto: using that command would eliminate this whole web-based mechanism under discussion.

A weakness of the +unsubscribe mechanism as implemented is that members tend to think it is "send-and-done" but it is not. The +unsubscribe command sends back a verification email, and the member must receive that email and reply to it to complete their unsubscription. If the member doesn't see the verification message then the unsubscribe attempt fails.


moderated Event: Scheduled maintenance, Friday, 3 November 2017 #downtime #cal-invite

main@beta.groups.io Calendar <main@...>
 

Scheduled maintenance

When:
Friday, 3 November 2017
9:00pm to 10:00pm
(GMT-07:00) America/Los Angeles

Description:

Linode has informed me that the hardware running one of our instances needs to be upgraded and that our instance needs to be migrated to another machine. Because this instance is pretty critical for the site, I need to take the site down to do the migration. I expect the downtime to last less than an hour. I will put a banner up on the site the day of the downtime.


moderated Re: include dropdown for actions on topics in topic search results #suggestion

 

Exactly. You expect the search results to be just a subset of the main list. Instead, information is lost, features aren't accessible, etc.
J

On Fri, Oct 27, 2017 at 11:38 AM, Shal Farley <shals2nd@...> wrote:
J,

> In general I would also like to see the same information in previews
> resulting from a search as from the complete list ...

I agree. To the extent feasible the search results should be the same as the full list, except having fewer entries.

Same thing for the Date filter (and all future filters). It is disconcerting to lose the menu button and the like indicator just because I narrowed the date range of the list.

Shal

--
https://groups.io/g/Group_Help
https://groups.io/g/GroupManagersForum





--
J

 

Messages are the sole opinion of the author, especially the fishy ones.

I wish I could shut up, but I can't, and I won't. - Desmond Tutu


moderated Re: include dropdown for actions on topics in topic search results #suggestion

 

J,

In general I would also like to see the same information in previews
resulting from a search as from the complete list ...
I agree. To the extent feasible the search results should be the same as the full list, except having fewer entries.

Same thing for the Date filter (and all future filters). It is disconcerting to lose the menu button and the like indicator just because I narrowed the date range of the list.

Shal

--
https://groups.io/g/Group_Help
https://groups.io/g/GroupManagersForum


moderated Re: Changes to /leave email link

 

Helen,

I agree with Shal on this. Forcing people who live their lives via
e-mail to go to web pages in order to leave a group is also
unaceptable to me.
In this thread mostly what I've advocated is improvements to the web page which is the target of the Unsubscribe link in each Groups.io footer. Though later I did refer to the use of a mailto: link instead as being potentially simpler.

One way it is simpler is in implementation. As Mark pointed out this morning there is already the email +unsubscribe command, and it is not going away. Having the footer unsubscribe link be a mailto: using that command would eliminate this whole web-based mechanism under discussion.

A weakness of the +unsubscribe mechanism as implemented is that members tend to think it is "send-and-done" but it is not. The +unsubscribe command sends back a verification email, and the member must receive that email and reply to it to complete their unsubscription. If the member doesn't see the verification message then the unsubscribe attempt fails.

While that sounds like a pretty bad flaw, note that current web based unsubscribe link has the same flaw: it requires that the member receive an "email me a link to log in" message (unless he/she already has a password and can log in that way, but that won't be the case for email-only members). The saving grace with the web-based approach is that the member is looking at a web page that is telling him/her that it is sending that email - so the member should expect to receive it, and might think to prowl his/her Spam folder if necessary.

So there are some more Pros and Cons to consider, in all directions.

Shal

--
https://groups.io/g/Group_Help
https://groups.io/g/GroupManagersForum


moderated include dropdown for actions on topics in topic search results #suggestion

 

If I search on some subject or term and find all topics referencing it, and I then want to take some action on all or some of them (such as adding a certain hashtag, deleting, merging, or whatever), I currently can't do that without clicking and going into them. There's no dropdown arrow with the action list until you actually click on and go into the topic. Whereas in the complete topic list, I can act on topics using the arrow that appears in each topic's preview, before going into it. Can the dropdown be included in search results, not just in the complete topics list?

In general I would also like to see the same information in previews resulting from a search as from the complete list - e.g., "Likes" to messages are not included in search results. There are probably others.
--
J

 

Messages are the sole opinion of the author, especially the fishy ones.

I wish I could shut up, but I can't, and I won't. - Desmond Tutu


moderated Re: Changes to /leave email link

 

...although on second thought, it may be impossible to prevent the email client from turning it into a link. So forget that idea.

On Fri, Oct 27, 2017 at 10:07 AM, J_Catlady <j.olivia.catlady@...> wrote:
On Fri, Oct 27, 2017 at 09:55 am, Mark Fletcher wrote:
We will always have the +unsubscribe email unsubscription option.
I think the objection to that was that a person who doesn't log onto the website in the first place doesn't know that that's the email address they can use to unsubscribe. I personally don't think that's too bad, because they can always do the "please unsubscribe me from this group" email - which, granted, people don't like to see, although again, I personally don't see it as a big deal. A workaround, although also somewhat awkward and space-consuming, would be to include in each email the info (not a mailto link, just the info) about the unsubscribe address.
 
--
J

 

Messages are the sole opinion of the author, especially the fishy ones.

I wish I could shut up, but I can't, and I won't. - Desmond Tutu



--
J

 

Messages are the sole opinion of the author, especially the fishy ones.

I wish I could shut up, but I can't, and I won't. - Desmond Tutu


moderated Re: Changes to /leave email link

 

On Fri, Oct 27, 2017 at 09:55 am, Mark Fletcher wrote:
We will always have the +unsubscribe email unsubscription option.
I think the objection to that was that a person who doesn't log onto the website in the first place doesn't know that that's the email address they can use to unsubscribe. I personally don't think that's too bad, because they can always do the "please unsubscribe me from this group" email - which, granted, people don't like to see, although again, I personally don't see it as a big deal. A workaround, although also somewhat awkward and space-consuming, would be to include in each email the info (not a mailto link, just the info) about the unsubscribe address.
 
--
J

 

Messages are the sole opinion of the author, especially the fishy ones.

I wish I could shut up, but I can't, and I won't. - Desmond Tutu


moderated Re: Changes to /leave email link

 

Hi All,

I had hoped to launch this this week, but launching on a Friday when I'm going to be away from the computer for much of the weekend is not a good idea. So it'll have to wait until next week. What I have done for now is removed the Resub link from the website after you've gone through the leave process. I believe J identified that as a security hole (but there's only a security issue if someone gets someone else's /leave link in the first place).

We will always have the +unsubscribe email unsubscription option. That won't change. All we're doing is fixing the existing, web-based unsubscribe flow.

Thanks,
Mark

On Fri, Oct 27, 2017 at 8:07 AM, J_Catlady <j.olivia.catlady@...> wrote:
On Wed, Oct 25, 2017 at 04:38 pm, Mark Fletcher wrote:
You may or may not receive a resub email with a link to resubscribe within 3 days (haven't decided this yet).
Mark,

I'm re-reading this thread this morning and I just want to emphasize that the more serious danger I found was with the resubscribe link. Someone else had previously identified the fact that unsub'ing via a forwarded or cc'ed email would unsubscribe the wrong person. Bad enough as that was, what I subsequently found was that the resubscribe link would give the link-clicking person access to the wrong person's account by actually logging them into it. (This happened even though the link-clicker was not logged in at the time.) So whatever fix you come up with, if there is a resubscribe link I think it needs to be thoroughly tested in the forwarded/cc'ed-email scenario.
 
--
J

 

Messages are the sole opinion of the author, especially the fishy ones.

I wish I could shut up, but I can't, and I won't. - Desmond Tutu



moderated Re: Changes to /leave email link

 

On Wed, Oct 25, 2017 at 04:38 pm, Mark Fletcher wrote:
You may or may not receive a resub email with a link to resubscribe within 3 days (haven't decided this yet).
Mark,

I'm re-reading this thread this morning and I just want to emphasize that the more serious danger I found was with the resubscribe link. Someone else had previously identified the fact that unsub'ing via a forwarded or cc'ed email would unsubscribe the wrong person. Bad enough as that was, what I subsequently found was that the resubscribe link would give the link-clicking person access to the wrong person's account by actually logging them into it. (This happened even though the link-clicker was not logged in at the time.) So whatever fix you come up with, if there is a resubscribe link I think it needs to be thoroughly tested in the forwarded/cc'ed-email scenario.
 
--
J

 

Messages are the sole opinion of the author, especially the fishy ones.

I wish I could shut up, but I can't, and I won't. - Desmond Tutu


moderated Re: Changes to /leave email link

Andre Polykanine <andre@...>
 

Hello Helen,
I'm completely with you here. As I said in my previous message, there
are lots of blind people migrating to groups.io these days. Can't we
go to a website? Sure we can, but as it is an email-first service, let
it be so, even if it incorporates modern goodies like integrations and
full web support.


--
With best regards from Ukraine,
Andre
Skype: menelion_elensule
Twitter: @m_elensule; Facebook: menelion

------------ Original message ------------
From: Helen <helen@felineckd.com>
To: main@beta.groups.io
Date created: , 1:56:30 PM
Subject: [beta] Changes to /leave email link


I agree with Shal on this. Forcing people who live their lives via e-mail to go to web pages in order to leave a group is also unaceptable to me. If there is a security flaw somewhere, that needs to be fixed, but making e-mail subscribers jump through hoops is not the solution IMO.

HTH

Helen

On Wed, Oct 25, 2017 at 07:01 pm, Shal Farley wrote:

> I think I need to change it so that a password is required to
> unsubscribe via the /leave link. ... please let me know what you
> think:

Unacceptable.

I don't mean that in the ultimatum sense of "I'll stop using Groups.io"
over this, but I do think it will be hugely problematic for my group
members and in the long run for Groups.io.

Problematic for my group members because most are email-only. Asking
them, effectively, to create an account so that they can unsubscribe
from a group will undoubtedly be viewed as topsy-turvy, if not an
outright scam.

Problematic for Groups.io because the more barriers there are in the way
of unsubscription the more likely people are to "simply" mark the
messages as spam to be rid of them.


moderated Re: Changes to /leave email link

 

I agree with Shal on this. Forcing people who live their lives via e-mail to go to web pages in order to leave a group is also unaceptable to me. If there is a security flaw somewhere, that needs to be fixed, but making e-mail subscribers jump through hoops is not the solution IMO.

HTH

Helen

On Wed, Oct 25, 2017 at 07:01 pm, Shal Farley wrote:

> I think I need to change it so that a password is required to
> unsubscribe via the /leave link. ... please let me know what you
> think:

Unacceptable.

I don't mean that in the ultimatum sense of "I'll stop using Groups.io"
over this, but I do think it will be hugely problematic for my group
members and in the long run for Groups.io.

Problematic for my group members because most are email-only. Asking
them, effectively, to create an account so that they can unsubscribe
from a group will undoubtedly be viewed as topsy-turvy, if not an
outright scam.

Problematic for Groups.io because the more barriers there are in the way
of unsubscription the more likely people are to "simply" mark the
messages as spam to be rid of them.


moderated Re: Changes to /leave email link

 

J,

So make them log in but don't call it that! Do that "confirm" thing.
Call it "confirming" they want to leave. Wasn't that one of the
suggestions here? I'm losing track.
Yes. I called it "verifying their email address" but that's the idea.

... go back to the idea of using a mailto: link that creates
a message to the group's +unsubscribe command.
I "voted" for that one during the last round of this, but I think
there was some technical reason why it couldn't be done.
One thing I recall was that some people have multiple accounts set up in their email interface, and the mailto: would create a message From which ever address is the default, not necessarily the email address which received the message with the mailto: link. But I think that's a rather limited problem - I suspect relatively few people have such a setup in a single interface.

Wouldn't that come from the forwarded/cc'd (problematic) email,
resulting (as now) in the wrong member being unsubscribed?
No. There are two protections against this. First the mailto: link wouldn't fill in the From address (causing the problem above). Second, even if it could, the wrong person wouldn't (in most interfaces) be allowed to send From an address not their own.

Shal


moderated Re: Changes to /leave email link

 

Maria,

I think having to login will help a lot with this as they will take a
second to actually realize what they are doing and pick the correct
option.
I don't see how the word "login" is necessary to this goal. All that's needed is that the page they get to after verifying their email address present the various options. It could be the /unsub page Mark referred to or even the normal Subscription page, which has unsubscribe as a red button on the very bottom.

Note again, I'm not saying the person shouldn't be effectively logged in at that point. I'm saying that the language of it, as proposed, is entirely wrong for the mind-set of an email-only member. You say "log in", I say "verify your email address". Pretty much the same thing in mechanism, but entirely different psychologically.

Again, this actually happens in our group and then we get emails
from these people wondering why they aren't getting emails any
longer...
Maybe someone needs to research how these people are initiating their unsubscription, and what information is presented to them in each case.

If these are email-only members then the likely mechanisms are:

1) Automatic unsubscribe by marking a message as "spam",
2) Clicking through the unsubscribe link in an email message,
3) Using the +unsubscribe command,
4) Other?

I think the first three cases have distinct records in the activity log, so you may be able to see if there's a pattern that suggests which path needs improvement.

Shal


moderated Re: Changes to /leave email link

 

On Thu, Oct 26, 2017 at 02:40 pm, Shal Farley wrote:
likely reaction is "explative no, I want to unsubscribe not log in"
I do see the point. It's like, someone wants to end a relationship and you make them have a sit-down dinner with you first, when even a drink is too much and they want the hell out. So make them log in but don't call it that! Do that "confirm" thing. Call it "confirming" they want to leave. Wasn't that one of the suggestions here? I'm losing track.

A better alternative, IMO, to a landing page that requires a login would be to go back to the idea of using a mailto: link that creates a message to the group's +unsubscribe command. On the whole _that_ seems a lot simpler.
I "voted" for that one during the last round of this, but I think there was some technical reason why it couldn't be done. Wouldn't that come from the forwarded/cc'd (problematic) email, resulting (as now) in the wrong member being unsubscribed?

--
J

 

Messages are the sole opinion of the author, especially the fishy ones.

I wish I could shut up, but I can't, and I won't. - Desmond Tutu


moderated Re: Changes to /leave email link

Maria
 

Another reason I am in favor of requiring a login is that what we mostly get in our group are people who accidentally unsubscribe - when in reality they just wanted fewer emails.
This happens quite a bit and that takes moderator time to fix and rejoin them and help them pick better settings.
I think having to login will help a lot with this as they will take a second to actually realize what they are doing and pick the correct option.
Some people who are email only - may not realize the various other options available - like digest or summary or special notices or no email... and they might actually be looking for that, not to leave the group. Again, this actually happens in our group and then we get emails from these people wondering why they aren't getting emails any longer...

Maria


moderated Updates to Trello

main@beta.groups.io Integration <main@...>
 

[Beta] New card "Links with the same anchor text as the URL in an HTML pending email reject notice are duplicated." was added to list "Bugs".


[Beta] The red label "Bug" was added to the card "Links with the same anchor text as the URL in an HTML pending email reject notice are duplicated.".


[Beta] The description of card "Links with the same anchor text as the URL in an HTML pending email reject notice are duplicated." was changed to:

Create an HTML reject notice. Then select it when rejecting a pending message. Because the dialog is plain text, we convert the HTML reject message to plain text. In the conversion process, we convert links to the form TEXT (URL). If the anchor text and the URL are the same, it looks like we're duplicating the URL.

The solution is to have an HTML dialog when editing the reject message.

15781 - 15800 of 30686