Webmaster Listserv

Date: Tue, 11 Jul 2000 15:53:08 -0300 (ADT)
From: "David L. Potter" <potter@chebucto.ns.ca>
To: aa935@chebucto.ns.ca
cc: ccn-tech@chebucto.ns.ca, ccn-webmaster@chebucto.ns.ca
Precedence: bulk
Return-Path: <ccn-webmaster-mml-owner@chebucto.ns.ca>


Hi Doug,

Currently, a cgi generated script would generate the request for a 
subscription which would fail the built-in authentication and would be 
bounced to the list owner for approval.

The issue in all web-interfaces to mailing lists is to provide the 
appropriate level of authentication/confirmation associated with the 
request.

If there is a web interface to a list which would allow me to subscribe 
you or a dozen/hundred others, our site services would be exposed to 
potential abuse and if this abuse occurs we would be subject to email 
sanctions for the equivalent of spamming.

Sites that allow quick subscribe and an after the fact 'opt-out' feature 
are currently being subject to sanctions. There is a significant body of 
opinion that allows that it is irresponsible to allow web-subscribes 
without a high level of confidence that the target address has actually 
issued the request. This is part of the same debate that revolves around 
list-owners moving a mailing list from one server-host to another.

----

CCN _has_ in the past offered this type of 'subscribe now' feature for 
users of our text dial-in service. In this case we were authenticating the 
user via the login password and we were sure the individual requesting 
the subscription was in fact being subscribed.

Most list management software offers some form of 'confirmation' option that 
would:

1) hold the request
2) reply to the 'subscribed' address requesting
   i) the target address reply with an 'authentication token' of some sort
  ii) within a specified time period

The confirmation feature has never been tested on our system and would 
require some review to determine whether it, in fact, meets current 
standards (our mailing list software is quite 'mature' and with 
respect to features, ready for an upgrade/replacement).

There is no question that a web interface would allow some individuals 
access to the list who find the traditional email interface confusing... 

...interestingly enough there are lots of list-owners who feel that this 
simply opens the list up to transient subscriptions and individuals who 
are not only disinclined to learn how to send an email subscribe but also 
disinclined to learn/use generally accepted list etiquette... ;-)

I've been doing some preliminary testing of new list management software 
which should make this feature much more acceptable (security wise) but 
at the moment I don't have a time line on when it will be operational... 
this fall is most likely.... 

Although in some respects our software is dated, in other respects our 
customization places it significantly in advance of other available 
products. If a serious security flaw appeared we would be forced to move 
quickly but with the current software stable and functioning well it's 
hard to justify moving this project ahead of some of the others....


regards,

david potter



On Tue, 11 Jul 2000 aa935@chebucto.ns.ca wrote:

> Hi all
> 
> The request for a web interface for ccn-webmaster is not an issue of platform, 
> software or how the listserv operates. The request is to make available a user 
> activated subscribe/unsubscribe function from a web page.
> 
> It is standard practice to request a prospective user to send an e-mail to 
> xxx@xxx.xxx with "subscribe list" in the body.
> 
> This requires the prospect to
> - switch to an e-mail application
> - address the e-mail
> - compose the e-mail
> - send the e-mail
> 
> Seems simple enough, but not to all. (I won't bore you with a list of reasons, 
> factors and attitude why some find the process daunting or unfriendly.)
> 
> In an ideal world, my preference would be a simple "click to subscribe", "click 
> to unsubscribe" interface.
> 
> In a less than ideal world, the user's e-mail address may not be known in the 
> web interface. Therefore, I compromise by requesting that it be provided.
> 
> Given these limits, what I require for the ccn-webmaster list, is a web 
> interface function that will subscribe/unsubscribe users from the list.
> 
> Note: I currently use such an interface 
>   http://www.gov.ns.ca/finance/publish/pub23.htm
> 
> 
> Can the listserv function at Chebucto be modified to accommodate this request?
> 
> Issues related to how the listserv operates are separate. It is only the 
> subscribe/unsubscribe function that is being addressed.
> 
> Doug McCann
> Webmaster
> 
> ---------------------------------------------------------------
>  This mail was sent through the Nova Scotia Provincial Server, 
>  with technical resources provided by Chebucto Community Net.
>  http://nsaccess.ns.ca/mail/         http://www.chebucto.ns.ca/
> 
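
The 'confirmation' option described in the message above (hold the request, mail the target address an authentication token, require it back within a time limit) can be sketched as follows. This is an added example, not part of the original message and not code from any list manager; the class name, the 48-hour window and the result strings are assumptions.

```python
import hashlib
import hmac
import secrets
import time

CONFIRM_WINDOW = 48 * 3600  # assumed time limit for the reply, in seconds


def _digest(token):
    # Store only a hash, so a leaked pending table holds no usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()


class ConfirmedOptIn:
    """Holds web subscribe requests until the target address confirms."""

    def __init__(self, window=CONFIRM_WINDOW):
        self.window = window
        self.pending = {}     # (list, address) -> (token digest, expiry)
        self.members = set()  # confirmed (list, address) pairs

    def request(self, list_name, address, now=None):
        """Hold a request; return the token to mail to `address`, or None."""
        now = time.time() if now is None else now
        key = (list_name, address.strip().lower())
        held = self.pending.get(key)
        if key in self.members or (held and held[1] > now):
            return None  # no second mail: the form cannot flood a mailbox
        token = secrets.token_urlsafe(24)
        self.pending[key] = (_digest(token), now + self.window)
        return token

    def confirm(self, list_name, reply_from, token, now=None):
        """Handle a reply carrying a token; subscribe only on a full match."""
        now = time.time() if now is None else now
        key = (list_name, reply_from.strip().lower())
        held = self.pending.get(key)
        if held is None:
            return "no-pending-request"
        digest, expiry = held
        if now > expiry:
            del self.pending[key]
            return "expired"
        # The From header is forgeable; possession of the token is the proof.
        if not hmac.compare_digest(digest, _digest(token)):
            return "bad-token"
        del self.pending[key]  # single use
        self.members.add(key)
        return "subscribed"
```

Nothing is added to `members` by the web form itself; the only path to a subscription is a token that was delivered to the target mailbox and returned before the window closes.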
