Date   

locked Re: Member List

Duane
 

The Help Center is currently lacking a little. I think it's because things are in such a flux state right now. I'm sure once things are pretty much settled that there will help for all the little details like this. Possibly even a Setting Up Your New Group page to explain all the settings.

Duane


locked Re: More on new subscriptions

David P. Dillard
 

A substantial number of discussion groups on other servers such as Listserv have messages at the bottom of posts regarding how to unsubscribe rathter than links for unsubscribing. This would seem to be a more secure approach for the members of a list against others unsubscribing them as one must be logged into ones account to unsubscribe on Listserv lists.




Sincerely,
David Dillard
Temple University
(215) 204 - 4584
jwne@temple.edu

On Thu, 5 Feb 2015, Duane wrote:




I don't think you're being too careful. I wouldn't want the one-click unsubscribe link for a group. We ran into that on BigTent when they had the footer for awhile. Folks wouldn't trim it out, so anyone could click on the link and unsubscribe someone else. Now if it had a mailto link that opened their email program with the Unsubscribe address (and a subject?) filled in, that might work.



Duane


locked Re: More on new subscriptions

Judy F.
 

Shal, I think those are good solutions. I especially like the idea if we
have already banned someone because they unsubbed, that they can't reverse
the unsub. I agree it's good for everyone.

Judy F.
SW Florida - USA

-----Original Message-----
From: Shal Farley [mailto:shal@roadrunner.com]
Sent: Friday, February 06, 2015 2:27 AM
To: beta@groups.io
Subject: RE: [beta] Re: More on new subscriptions

Judy,

Since there are a lot of groups that I belong to that have a rule if a
member unsubscribes they are banned, I'm not sure I like the idea of
the member being able to send a note saying 'oh gee I really want to
still be a member'.
I don't see the problem with allowing someone to correct a mistake (I'm not
talking about undoing an owner/mod's decision to remove or ban the member).

What happens if they have already been banned.
That's an interesting question; I don't think that the undo should override
a ban.

A simpler case would be a group with restricted join. I believe that the
"undo" ought not require fresh approval by an owner/mod (because the member
had already been approved).

And though I didn't say so, the undo process perhaps should have a time
limit. A mistakenly unsubscribed member would have a limited number of days
to invoke the undo.

Another idea that I didn't think of at the time is that owners/mod who've
checked the "Email me when a member joins/leaves this group." box should
receive a notice of the undo as well.

Sounds like more work on the moderator to unban them so they can join
again.
The process I imagined would be automated, just as the email unsubscribe is.
No labor involved by any owner/mod (nor by Mark!).

Except possibly in groups like yours, where the owner owner/mods have
already created more work for themselves by promptly banning unsubcribers.
Those would end up exactly as they do in Yahoo Groups. The Undo wouldn't
work, because of the ban, and the ex-member would remain both removed and
banned.

So the member would be left to petition the owners/mods via the +owner email
address. But you're still ahead of the game: in Yahoo Groups all owners/mods
are forwarded emails to the -owner address without exception. In Groups.io
each owner/mod can chose to restrict such messages to current members or not
receive them at all.

-- Shal


locked Re: More on new subscriptions

 

Judy,

Since there are a lot of groups that I belong to that have a rule if a
member unsubscribes they are banned, I'm not sure I like the idea of the
member being able to send a note saying 'oh gee I really want to still
be a member'.
I don't see the problem with allowing someone to correct a mistake (I'm not talking about undoing an owner/mod's decision to remove or ban the member).

What happens if they have already been banned.
That's an interesting question; I don't think that the undo should override a ban.

A simpler case would be a group with restricted join. I believe that the "undo" ought not require fresh approval by an owner/mod (because the member had already been approved).

And though I didn't say so, the undo process perhaps should have a time limit. A mistakenly unsubscribed member would have a limited number of days to invoke the undo.

Another idea that I didn't think of at the time is that owners/mod who've checked the "Email me when a member joins/leaves this group." box should receive a notice of the undo as well.

Sounds like more work on the moderator to unban them so they can join
again.
The process I imagined would be automated, just as the email unsubscribe is. No labor involved by any owner/mod (nor by Mark!).

Except possibly in groups like yours, where the owner owner/mods have already created more work for themselves by promptly banning unsubcribers. Those would end up exactly as they do in Yahoo Groups. The Undo wouldn't work, because of the ban, and the ex-member would remain both removed and banned.

So the member would be left to petition the owners/mods via the +owner email address. But you're still ahead of the game: in Yahoo Groups all owners/mods are forwarded emails to the -owner address without exception. In Groups.io each owner/mod can chose to restrict such messages to current members or not receive them at all.

-- Shal


locked Re: no one click ??

 

Mark,

Relevant to the recent conversation, this just came in to
updates+owner.....

---------- Forwarded message ----------

no one click mute or unsubscribe, fail
I'm sympathetic to that point of view.

Even to the extent that I consider it probable that tolerating some false positives (unintended unsubscriptions, or unsubscriptions of the wrong person) may be a better position on the whole for a list service than false negatives (inability of users to unsubscribe).

But I think two clicks should be acceptable also, if those clicks are 1) click the unsubscribe mailto: link, 2) click send.

-- Shal


locked Re: More on new subscriptions

Judy F.
 

Shal
Since there are a lot of groups that I belong to that have a rule if a member unsubscribes they are banned, I'm not sure I like the idea of the member being able to send a note saying 'oh gee I really want to still be a member'. What happens if they have already been banned. Sounds like more work on the moderator to unban them so they can join again.

Maybe there is more to it than what you mentioned that would make my thoughts change.
Judy F.
SW Florida - USA

-----Original Message-----
From: Shal Farley [mailto:shal@roadrunner.com]
Sent: Thursday, February 05, 2015 7:55 PM
To: beta@groups.io
Subject: Re: [beta] Re: More on new subscriptions

And just in case, they could send back an "unsubscription acknowledgment" email, that basically says "goodbye" politely - with a link to a process for undoing the unsubscription in case it was in error.

-- Shal
*DMARK, DKIM, and SPF are the most common anti-spoof technologies in use.


locked Re: Member List

kr402
 

Thanks, Duane. 
That answers my question. 

Is there somewhere in help, setting up a group, or somewhere 
else I could have found that ino? I didn't know where to look.

KR





locked Re: Member List

Duane
 

The options for the members list to be visible are:
Subscribers
Moderators and Owners
Owners only

It depends on how the owner sets it up. If they allow members to see it, there are separate lists showing members and moderators. I have it set for Moderators and Owners on all my groups.

Duane


locked Re: Member List

kr402
 

KR, I don’t know about groups.io, but most Yahoo groups that I
belong to no longer show the member list for all members to see.  
Judy F.
SW Florida - USA

That is something I miss from Yahoo! Groups and would like to have available.

KR


locked Re: Member List

Judy F.
 

KR, I don’t know about groups.io, but most Yahoo groups that I belong to no longer show the member list for all members to see.  I would definitely prefer to have that as an option in groups.io also so the owner/moderators can make the decision as to show it or not.

 

Depending on how the owner set up the group, usually the messages that go out welcoming a new member have the names of the owner and moderators.   

 

Judy F.

SW Florida - USA

 

From: kr402 via GROUPS.IO [mailto:user+2333@groups.io]
Sent: Thursday, February 05, 2015 10:10 PM
To: beta@groups.io
Subject: [beta] Member List

 

Is there a viewable member list of a group you join, like there use to be at Yahoo! Groups? I find it helpful to see a member list, including showing owner, moderators.

KR


locked Member List

kr402
 

Is there a viewable member list of a group you join, like there use to be at Yahoo! Groups? I find it helpful to see a member list, including showing owner, moderators.

KR


locked no one click ??

 

Relevant to the recent conversation, this just came in to updates+owner.....

---------- Forwarded message ----------
From: Jeff .......
Date: Thursday, February 5, 2015
Subject: no one click ??
To: updates+owner@groups.io


no one click mute or unsubscribe, fail





locked Re: More on new subscriptions

 

The one-click unsubscribe links are best for the users who did not ask to be put on this list and want off NOW!

Say an organization decides to use Groups.IO to send out helpful hints to everyone who has ever contacted their support team.  They have a premium or enterprise account that allows them to add email addresses directly.  These messages are professional enough so that you can't call them "spam," yet no one asked to be put on this list, and a certain percentage of recipients are going to be angry.

However, even if you track the direct-add users versus the ones who signed up themselves, you'll still have the case where messages are forwarded.  Say I like these helpful hints and forward them to all of my co-workers, who in turn forward them to everyone on their mailing lists.  One or multiple of those people get mad, see an "unsubscribe" link without reading anything else, and I wind up off the list I wanted to be on.

So it's a complicated situation, but I bet it could be resolved like this:

  1. If a user manually subscribed to the group, that user has to do more than just click on the unsubscribe link.  The user will have to provide a password, or respond to a confirmation mail to be unsubscribed.
  2. If a user was direct-added to a group, the unsubscribe link actually does unsubscribe with one click, but a confirmation mail is sent anyway, confirming the unsubscription and providing a link to re-add the user if the unsubscribe was unintentional.  If the user clicks the link within a certain number of days, the user is re-added to the list (without moderator approval needed), and converted to type 1, so an unsubscribe link requires further action.

I know, that's probably way too complicated for the amount of value added.

JohnF


locked Re: More on new subscriptions

 

On Thu, Feb 5, 2015 at 1:16 PM, Shal Farley <shal@...> wrote:

> I'm a bit weary.

The kids again?  ;-)

In the immortal word of Homer Simpson, "D'oh!"

And as was pointed out by a couple people, in my post to updates@ today I used 'role' when I should have used 'roll'. My mom tells the story of my uncle, who like my mother, was born and raised in Chicago. When he applied to MIT (where he eventually got an advanced degree in Nuclear Engineering), based on his test scores and essays, they didn't believe English was his native language. 

So, I blame genetics. :-)

Mark


locked Re: More on new subscriptions

 

Judy,

I’m not sure I understand about the automatically generated password
purpose.
That's a method I proposed for handling advanced message selection via
the email footer, but only for member's who haven't already set a
password. By itself I agree that it is too insecure to use for changes
like unsubscription. There may be ways to make it "secure enough" but
that's not my main point.

I like the idea of the link in the email to allow someone to
unsubscribe as long as it’s secure enough that they can’t unsubscribe
someone else. The link would take them to the group where they would
actually unsubscribe. Is this correct?
Right now the "Unsubscribe From This Group" link takes one to Groups.io,
where you have to sign in (or already be signed in) before you can
unsubscribe.

The sign-in requirement prevents unsubscribing someone else, but it also
adds "friction" to the unsubscribe process. The industry advice for
mailing lists is that unsubscription be effectively one click and done
so that members are never frustrated by an inability to easily unsubscribe.

I know that Yahoo Groups has an Unsubscription link and when we get
those messages, we ignore them.
You (owners/mods) don't get those messages (not the ones generated by
the "Unsubscribe" link in Yahoo Groups email footers), they are
processed automatically by Yahoo's servers. A person may send an email
to the group's posting address or to the group's Listowner address
requesting unsubscription, but that has no effect unless an owner/mod
acts upon it.

Yahoo's solution to security problem is to use an email command (not a
web link) send back a "confirmation request" email - the member must
receive and reply to that in order to actually unsubscribe. The
difficulty with this solution is that those requests often end up in the
member's Junk or Trash folder, never to be seen. And then you have an
angry user complaining that Yahoo won't ever let them unsubscribe.

Something better that Yahoo (and Groups.io) could do is to use available
techniques for determining that the email request actually came from the
email account of the member, and not from anyone attempting to spoof
that address. These techniques* are relatively secure, extremely secure
for most of the high profile email services (Gmail, Yahoo Mail, etc.).
And just in case, they could send back an "unsubscription
acknowledgment" email, that basically says "goodbye" politely - with a
link to a process for undoing the unsubscription in case it was in error.

-- Shal
*DMARK, DKIM, and SPF are the most common anti-spoof technologies in use.


locked Re: More on new subscriptions

Judy F.
 

Mark, I’m not sure I understand about the automatically generated password purpose.  I have read and re-read the comment and it sounds to me as if we are going to get in trouble allowing this.  If someone has the email, that doesn’t necessarily mean they should have the email or should be able to access a part of the group. 

 

I like the idea of the link in the email to allow someone to unsubscribe as long as it’s secure enough that they can’t unsubscribe someone else.  The link would take them to the group where they would actually unsubscribe.  Is this correct?   I don’t like the idea of receiving an email asking to unsubscribe from the group.  First, they joined by themselves and they should unsubscribe by themselves.  Also, how do we know they are who they say they are?  Hmmmm

 

I know that Yahoo Groups has an Unsubscription link and when we get those messages, we ignore them. 

 

Judy F.

SW Florida - USA

 

From: Mark Fletcher [mailto:markf@corp.groups.io]
Sent: Thursday, February 05, 2015 2:58 PM
To: beta@groups.io
Subject: [beta] Re: More on new subscriptions

 

On Thu, Feb 5, 2015 at 12:47 am, Shal Farley shal@... wrote:

Requiring web access for hashtag management raises the tangent question of whether anything can be done for users who haven't yet set a password. I think there is. An automatically generated password could be included in the web links, giving access to anyone that possess the email message. Although email is not generally secure, it is probably secure enough for this purpose. And any user concerned with the security of their Groups.io account would be well advised to set a password, reverting his/her email footers to plain links.

I'm a bit weary. I was thinking about this for unsubscribe links in the emails. It's a bit crazy that they are not one click unsubscribe links; you have to log into the web site in order to unsubscribe. But it feels dangerous to include such a link in a group email. Am I being too careful? Should we have one-click unsubscribe links (and maybe what you propose Shal as well) in the emails?

Thanks, Mark


locked Re: More on new subscriptions

Laurence Taylor
 

On 05 Feb 2015 19:57, Mark Fletcher wrote:

I'm a bit weary. I was thinking about this for unsubscribe links in
the emails. It's a bit crazy that they are not one click unsubscribe
links; you have to log into the web site in order to unsubscribe. But
it feels dangerous to include such a link in a group email. Am I
being too careful? Should we have one-click unsubscribe links (and
maybe what you propose Shal as well) in the emails?
Including instant-unsubscribe links can be troublesome if the recipient
forwards the post to someone else, who then mistakenly follows it. Or of
the sub replies to the list and leaves their unsubscribe link in place,
they could be removed by any other reader, accidentally or maliciously.

By all means have such a link, but follow it up with a confirmation email.

--
rgds
LAurence
<><


locked Re: More on new subscriptions

Judy F.
 

That's great as long as the user can select one of the basic options, i.e.
Digest or whatever the group.io name will be and that's it.

Judy
SW Florida - USA

-----Original Message-----
From: Shal Farley [mailto:shal@roadrunner.com]
Sent: Thursday, February 05, 2015 4:00 AM
To: beta@groups.io
Subject: RE: [beta] More on new subscriptions

Judy,

Is there going to be a logical option that can be selected where a
user just wants to read the messages?
I think that will be the default. I don't think the emails will need to
expose much complexity to the user if they leave the "Message Selection"
option set to the default of "All Messages". See my reply to Mark.

When I subscribe to a group, I want to have an option on how I want my
messages delivered. Then later as I become more accustomed to
Groups.io , then I may step into deeper water and try one of the
options you mentioned below.
I think that's the way it is going. Simple controls by default, more
abilities exposed if you select an advanced setting for Message Selection.

-- Shal


locked Re: More on new subscriptions

 

Mark,

I'm a bit weary.
The kids again? ;-)

I was thinking about this for unsubscribe links in the emails. It's a
bit crazy that they are not one click unsubscribe links; you have to
log into the web site in order to unsubscribe.
That is crazy. There may be two ways out.

As Duane said, one is to make it a mailto: link. Then as long as you have reasonable verification of the authenticity of the received email command (say, it passes DMARC) you can act on the unsubscribe (or any other command) without further confirmation.

The other is to fingerprint each email address' web access and accept the action without further confirmation if this connection is via a device "known" for this user. Obviously that wouldn't work for an email-only subscriber who's never visited the web site before. An email-only subscriber would likely prefer to use an email command.

Am I being too careful?
No, it usually pays to think through as many "unintended consequences" scenarios as practical.

Should we have one-click unsubscribe links (and maybe what you
propose Shal as well) in the emails?
I think we should (duh), given reasonable mitigation of the risks. Device fingerprinting is one strategy.

For the links I proposed another mitigation would be to limit the access via the coded links to just the thread and hashtag controls for the message in question. So if the link got into the wrong hands the worst they could do would be to change the following of that message's thread or hashtag(s).

-- Shal


locked Re: More on new subscriptions

Duane
 

I don't think you're being too careful. I wouldn't want the one-click unsubscribe link for a group. We ran into that on BigTent when they had the footer for awhile. Folks wouldn't trim it out, so anyone could click on the link and unsubscribe someone else. Now if it had a mailto link that opened their email program with the Unsubscribe address (and a subject?) filled in, that might work.

Duane