Re: [mailop] Google Groups

Tue, 24 Mar 2026 04:51:41 -0700 

On Mon 23/Mar/2026 17:23:09 +0100 Matus UHLAR - fantomas wrote:

On 22.03.26 17:09, Alessandro Vesely via mailop wrote:
I'd argue that COI is a nuisance for newsletters.  Email marketers would rather look for Javascript code that can automate subscriptions. On the other hand, newsletters don't have the DMARC problem, so COI is somewhat less relevant for them. 


COI could be used to resolve the DMARC issue for mailing lists.  It would be 
sufficient to have the subscriber's mailbox provider run the COI, instead of 
the mailing list manager.  This way, that specific list could be trusted for 
that specific user.



Isn't the whole point that recipient has to willingly confirm that the 
newsletter/mailing list subscription was wanted by someone who owns the 
provided e-mail address?



Exactly.



Because I don't understand how this can be replaced by Javascript or by mailbox 
provider.




These replacements are directed in opposite direction.  Marketers only want a 
valid email address.  They can use Javascript, for example, to reduce the sequence:


   1. Registration form: user enters info and click on button
   2. Confirm subscription email: user clicks on button to confirm
   3. Confirm subscription page: user click on button to confirm
   4. Subscription confirmed page: subscription completed

To:

    1. Registration form: user enters info and click on button
    2. Confirm subscription email: user clicks on button to confirm
    3. Subscription confirmed page: subscription completed

With a suitable autofill, this can probably be reduced even further.
See https://github.com/knadh/listmonk/issues/1205



Replacing the COI handler with the mailbox provider (MP) is a way to address 
the lack of whitelisting.  If the MP doesn't know that its user wants that 
specific mail flow, it could block it according to DMARC rules unless the 
mailing list manager (MLM) munges the From: header.  OTOH, even if the MP, 
perhaps by intercepting COI messages, were to learn that its user wants that 
mail flow and whitelists it, since the MLM doesn't know it's whitelisted, it 
would still have to munge the From: header.  They would have to cooperate:


MLM:  Hey MP, your user X wants this flow.
MP:   Hey user X, is that true?
X:    Yup!
MP:   Ok MLM, you're whitelisted.

Would you call this /triple opt-in/?


Best
Ale
--










_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop























					Reply via email to