Custom subscription verification link


#1

Setting up the announcement list was pretty straightforward and I got that basically all working. However, I would like to have a custom verification link in the subscription verification e-mail sent to subscribers.

At the moment subscribers are asked to click on a link like this to verify:

[quote]To verify your subscription to this list, please visit this URL now:
http://scripts.dreamhost.com/add_list.cgi?g=22d8433616a6a2e3c004e5038fd5430e.[/quote]

While the e-mail sender is my-list@my-domain.com the verification link goes to DreamHost which may be confusing to the customer and I would generally prefer to have a verification link like my-domain.com/confirm?g=22d8433616a6a2e3c004e5038fd5430e.

I understand how to customize the content of the e-mail in general but the --variables-- used in the configuration panel seem to be rather undocumented.

Is there a variable that adds just the confirmation code? (My application would then forward internally to the DreamHost add_list.cgi script).


#2

No, there is currently no way to run mailing list subscription verifications through your own server. (We need to see the request ourselves for verification purposes.)


#3

Thanks for your response Andrew!

The overall setup of the announce list feature is sweet, including the e-mail verification features, and I do understand that the final authorization needs to go through the DH server; however, that would still be the case!

The authorization works by someone calling ‘curl http://scripts.dreamhost.com/add_list.cgi?g=22d8433616a6a2e3c004e5038fd5430e.’; that can be the user clicking on it in the e-mail or copying it to a browser or forwarding it to a friend and the friend clicking on the link. It could also indeed be my server forwarding the call a user has made as ‘curl http://my-server.com/add_list.cgi?g=22d8433616a6a2e3c004e5038fd5430e.’; technically, for the DH server all three are the same, as the call is entirely context free.

My intention is not to bypass the DH server at all; rather, I would like to use the same mechanism I can already use for initiating the subscription process, where the user calls my URL and my ‘server’ sends the add_user API command to DH. The confirmation ID is still generated and sent out by DH; the only thing that has changed is that I could now theoretically record the confirmation numbers. Those, however, serve the single purpose of authorizing a specific e-mail address; by clicking on the link the user has already agreed to that process, and given that the IDs are essentially one-time-pads there should be no security issue?

Thanks, Chris


#4

For various reasons, we’d really prefer for now to see the user’s confirmation click ourselves, directly. Sorry.

We do have plans to improve the subscription flow in the future, though — we’re aware it’s kind of clunky, and we’d like to do what we can to make it better.


#5

I can only encourage you to improve that! DH has a strong Spam Policy and that is a good thing, however at the same time you force users to make their confirmation e-mails look like spam (sender domain is different from verification link domain)!

You also encourage the use of alternatives (phplist & co.), which come with downsides for DH (less control over resource usage) as well as us clients (DH imposes a rate limit of 200 recipients/hour).

Thanks, Chris