
Ah, if you can unsubscribe with one click, maybe even without logging in. What stops evil Bert over there from unsubscribing you? Sure, there might be some (session) token involved, but that could have been sniffed or brute-forced.

Actually, mailing lists do it right: have the subscriber confirm his action by clicking a link in a confirmation mail or such. I think that's called double confirmation.




Generally when I unsubscribe from a newsletter they send me a message saying they are sorry to see me go, with a 1-click link to subscribe again ...


If "evil Bert" has access to my inbox, the jig is up anyway.
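An added example, not part of any comment in this thread: one way a sender can make a one-click unsubscribe link resistant to guessing is to bind the link to the recipient and list with an HMAC. The names `make_token` and `verify_token`, the key, and the 30-day lifetime are assumptions chosen for illustration.

```python
import base64
import hashlib
import hmac
import time
from typing import Optional

# Constructed demo key; a real deployment would load a random secret from configuration.
SECRET_KEY = b"constructed-demo-key-not-for-production"
TOKEN_TTL = 30 * 24 * 3600  # assumed policy: links stay valid for 30 days


def _sign(email: str, list_id: str, issued: int) -> str:
    # Length-prefix each field so ("a", "bc") and ("ab", "c") cannot collide.
    fields = (email.lower().encode(), list_id.encode(), str(issued).encode())
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    mac = hmac.new(SECRET_KEY, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).rstrip(b"=").decode()


def make_token(email: str, list_id: str, now: Optional[int] = None) -> str:
    """Return '<issued>.<mac>' to embed in the unsubscribe link sent to `email`."""
    issued = int(time.time()) if now is None else now
    return f"{issued}.{_sign(email, list_id, issued)}"


def verify_token(email: str, list_id: str, token: str,
                 now: Optional[int] = None) -> bool:
    """Accept only an unexpired token that was issued for this email and list."""
    now = int(time.time()) if now is None else now
    try:
        issued_str, sig = token.split(".", 1)
        issued = int(issued_str)
    except ValueError:
        return False
    # Reject non-canonical timestamps, future dates and expired links.
    if str(issued) != issued_str or issued > now or now - issued > TOKEN_TTL:
        return False
    expected = _sign(email, list_id, issued)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), sig.encode())
```

The 256-bit MAC addresses guessing only; a link observed in transit or in the recipient's mailbox remains usable until it expires.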



