Custom subscription verification link

Setting up the announcement list was pretty straight forward and I got that basically all working. However I would like to have a custom verification link in the subscription verification e-mail send to subscribers.

At the moment subscribers are asked to click on a link like this to verify:

[quote]To verify your subscription to this list, please visit this URL now:
http://scripts.dreamhost.com/add_list.cgi?g=22d8433616a6a2e3c004e5038fd5430e.[/quote]

While the e-mail sender is my-list@my-domain.com the verification link goes to DreamHost which may be confusing to the customer and I would generally prefer to have a verification link like my-domain.com/confirm?g=22d8433616a6a2e3c004e5038fd5430e.

I understand how to customize the content of the e-mail in general but the --variables-- used in the configuration panel seem to be rather undocumented.

Is there a variable that adds just the confirmation code? (My application would then forward internally to the DreamHost add_list.cgi script).

No, there is currently no way to run mailing list subscription verifications through your own server. (We need to see the request ourselves for verification purposes.)

Thanks for your response Andrew!

The overall setup of the announce list feature is sweat, including the e-mail verification features and I do understand that the final authorization needs to go through the DH server, however that would still be the case!

The authorization works by someone calling 'curl http://scripts.dreamhost.com/add_list.cgi?g=22d8433616a6a2e3c004e5038fd5430e.’, that can be the user clicking on it in the e-mail or copying to a browser or forwarding it to a friend and the friend clicking on the link. It could also indeed be my server forwarding the call a user has made as 'curl http://my-server.com/add_list.cgi?g=22d8433616a6a2e3c004e5038fd5430e.’, technically for the DH server all three are the same as the call is entirely context free.

My intention is no to bypass the DH server at all, rather, I would like to use the same mechanism I can already use for initiating the subscription process, where the user calls my URL and my ‘server’ sends the add_user API command to DH. The confirmation ID is still generated and sent out by DH, the only thing that has changes is that I could now theoretically record the confirmation numbers. Those however serve the single purpose of authorizing a specific e-mail address, by clicking on the link the user has already agreed to that process and given that the IDs are essentially one-time-pads there should be no security issue?

Thanks, Chris

For various reasons, we’d really prefer for now to see the user’s confirmation click ourselves, directly. Sorry.

We do have plans to improve the subscription flow in the future, though — we’re aware it’s kind of clunky, and we’d like to do what we can to make it better.

I can only encourage you to improve that! DH has a strong Spam Policy and that is a good thing, however at the same time you force users to make their confirmation e-mails look like spam (sender domain is different from verification link domain)!

You also encourage the use of alternatives (phplist & co.) which comes with downsides for DH (less control over resource usage) as well as us clients (DH imposes rate limit of 200 recipients/hour).

Thanks, Chris