How to limit subscription attempts

Is there no way to limit subscribing attempts to prevent flooding an innocent email owner’s inbox with confirmation request emails?

@Knupps If this is caused by an automated process then the Captcha plugin should stop that.

Otherwise perhaps a block on subscribing again with the same email address within, say, one hour. There are probably genuine reasons why someone might subscribe again, so having a total block on subscription attempts could be too heavy-handed. This could probably be implemented as a plugin, rather than within phplist.

Also, more simply, the silent resubscribe option can be disabled. That would then stop someone subscribing with an existing email address. See the description in config_extended.php.


Duncan, you are a life saver! Thank you!

This setting definitely should be default:

Imagine, someone subscribes the same email address over and over again. The victim has no chance to stop being harassed and it opens the risk for a lawsuit. In Germany, penalties for sending unsolicited emails are horrendous.

Oops, I was too fast. The problem is just shifted:

Now, you cannot trigger unlimited subscribe confirmation requests, but you can still trigger unlimited emails containing the preferences email.

Is there a way to completely stop any email until the user has confirmed the email subscription firsthand?

I guess that no one has found it a real problem in the past. I see that you have created a Mantis issue, so you can add this problem to that.

But I guess that any public form which asks for an email address is liable in this way. The preferences page is perhaps less of a problem because the perpetrator has to know that the victim is an existing subscriber.

> I guess that no one has found it a real problem in the past.

Well, it becomes a challenge if you have a nasty competitor just waiting for such an opportunity. He just triggers sending out numerous emails to make a victim sue the newsletter sender. Of course he knows the email addresses he uses to abuse and so can also trigger infinite preference link emails.

> But I guess that any public form which asks for an email address is liable in this way.

A one-time opt-in request email is no problem. But phplist really should completely prevent sending multiple(!) emails to people who have not agreed to it.

I tried and could even fire repetitive confirmation request emails by “subscribing” to the phplist.com newsletter!

Please don’t get me wrong. I am not trying to nit-pick, but currently, phplist undeniably puts users at risk. For me personally, to my biggest regret and after fiddling three days configuring, this unfortunately is a showstopper.

It would be awesome if the devs would consider changing it.
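The one-hour block per email address suggested earlier in the thread, sketched as an added example; it is not phpList code, not an existing plugin, and not from any poster. The class name `SendCooldown`, the table `send_cooldown` and the secret are assumptions, and it needs PHP 8 with PDO. Because it is keyed on the recipient address, the same check can gate both confirmation requests and preferences emails.

```php
<?php
// Added example: per-address cooldown for form-triggered email.
// SendCooldown and send_cooldown are hypothetical names, not part of phpList.
final class SendCooldown
{
    public function __construct(
        private PDO $db,
        private string $secret,          // assumption: a site-wide secret for the keyed hash
        private int $windowSeconds = 3600
    ) {
        $this->db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $this->db->exec('CREATE TABLE IF NOT EXISTS send_cooldown (
            addr_hash CHAR(64) NOT NULL PRIMARY KEY,
            last_sent INTEGER NOT NULL)');
    }

    /** True if a message may go to $email now; the send is recorded when allowed. */
    public function allow(string $email, ?int $now = null): bool
    {
        $now ??= time();
        // Keyed hash of the normalised address, so the table holds no plain addresses.
        $key = hash_hmac('sha256', strtolower(trim($email)), $this->secret);

        // Atomic claim: matches only when the previous send is older than the window.
        $upd = $this->db->prepare(
            'UPDATE send_cooldown SET last_sent = ? WHERE addr_hash = ? AND last_sent <= ?');
        $upd->execute([$now, $key, $now - $this->windowSeconds]);
        if ($upd->rowCount() === 1) {
            return true;
        }
        try {
            // Address not seen before: the primary key makes concurrent inserts race-safe.
            $ins = $this->db->prepare(
                'INSERT INTO send_cooldown (addr_hash, last_sent) VALUES (?, ?)');
            $ins->execute([$key, $now]);
            return true;
        } catch (PDOException $e) {
            if (str_starts_with((string) $e->getCode(), '23')) {
                return false;            // row exists and is still inside the window
            }
            throw $e;                    // any other database error is not a rate-limit hit
        }
    }
}

// Constructed demo: in-memory SQLite, fixed timestamps, made-up address.
$limiter = new SendCooldown(new PDO('sqlite::memory:'), 'demo-secret');
var_dump($limiter->allow('Victim@example.org', 1000));  // first request
var_dump($limiter->allow('victim@example.org ', 1600)); // same address, 10 minutes later
var_dump($limiter->allow('victim@example.org', 4600));  // one hour after the first send
```

When `allow()` returns false, the form can still show its usual "check your inbox" response, so the reply does not reveal whether a message was sent.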