Dev - contact list opt out feature?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Dev - contact list opt out feature?

Si Chen-2
Hi everyone.

I was playing with contact lists this morning.  It's pretty nice!

Is there at this stage a contact list opt out feature: ie, a URL so an
email recipient can click and be removed from the contact list?

Thanks,

Si
 
_______________________________________________
Dev mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/dev
Reply | Threaded
Open this post in threaded view
|

Re: Dev - contact list opt out feature?

David E. Jones

Yes, it is possible to create a URL that would unsubscribe the user.  
The more complicated process is the subscription or double-opt-in in  
process. The opt-out process is generally a lot more simple, and all  
we probably need to do is verify it is the user. That could be done  
as-is by logging in to the ecommerce site (or variation of it), or  
code could be added to generate and verify an opt-out code that would  
count temporarily or something as a sufficient verification of  
identity for the purposes of opt-out. This would be a nice addition.

-David


On Jan 25, 2006, at 9:25 AM, Si Chen wrote:

> Hi everyone.
>
> I was playing with contact lists this morning.  It's pretty nice!
>
> Is there at this stage a contact list opt out feature: ie, a URL so an
> email recipient can click and be removed from the contact list?
>
> Thanks,
>
> Si
>
> _______________________________________________
> Dev mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/dev

 
_______________________________________________
Dev mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/dev

smime.p7s (3K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Dev - contact list opt out feature?

Si Chen-2
I think it might be nice to use a scrambled code to identify the party
and contact list, rather than use the contact list id and party id.  
What do you think of adding a field to ContactListParty which is a
scrambled code, and then using that as the parameter on the opt-out
email url?

Si

David E. Jones wrote:

>
> Yes, it is possible to create a URL that would unsubscribe the user.  
> The more complicated process is the subscription or double-opt-in in  
> process. The opt-out process is generally a lot more simple, and all  
> we probably need to do is verify it is the user. That could be done  
> as-is by logging in to the ecommerce site (or variation of it), or  
> code could be added to generate and verify an opt-out code that would  
> count temporarily or something as a sufficient verification of  
> identity for the purposes of opt-out. This would be a nice addition.
>
> -David
>
>
> On Jan 25, 2006, at 9:25 AM, Si Chen wrote:
>
>> Hi everyone.
>>
>> I was playing with contact lists this morning.  It's pretty nice!
>>
>> Is there at this stage a contact list opt out feature: ie, a URL so an
>> email recipient can click and be removed from the contact list?
>>
>> Thanks,
>>
>> Si
>>
>> _______________________________________________
>> Dev mailing list
>> [hidden email]
>> http://lists.ofbiz.org/mailman/listinfo/dev
>
>
>------------------------------------------------------------------------
>
>
>_______________________________________________
>Dev mailing list
>[hidden email]
>http://lists.ofbiz.org/mailman/listinfo/dev
>
 
_______________________________________________
Dev mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/dev
Reply | Threaded
Open this post in threaded view
|

Re: Dev - contact list opt out feature?

Andrew Yager
What I've often done is to concat an MD5 hash of the users id or  
email, and an MD5 hash of the list ID to uniquely identify the user.  
This saved me from having to store extra data, as the MD5 could be  
relatively quickly calculated, even on quite large databases. Because  
it's a predictable length, we just split the string to extract the  
two parts and do a basic select query.

As far as the double opt-in/confirm option, in Australia, we have  
weird and strange SPAM laws, which (AFAIK) mean the double opt-in  
procedure is pretty much a necessity for most businesses wishing to  
put customers on mailing lists... at least... that's what everyone  
seems to do.

... I have no preference as far as opt-out though...

Andrew

On 26/01/2006, at 6:27 AM, Si Chen wrote:

> I think it might be nice to use a scrambled code to identify the party
> and contact list, rather than use the contact list id and party id.
> What do you think of adding a field to ContactListParty which is a
> scrambled code, and then using that as the parameter on the opt-out
> email url?
>
> Si
>
> David E. Jones wrote:
>
>>
>> Yes, it is possible to create a URL that would unsubscribe the user.
>> The more complicated process is the subscription or double-opt-in in
>> process. The opt-out process is generally a lot more simple, and all
>> we probably need to do is verify it is the user. That could be done
>> as-is by logging in to the ecommerce site (or variation of it), or
>> code could be added to generate and verify an opt-out code that would
>> count temporarily or something as a sufficient verification of
>> identity for the purposes of opt-out. This would be a nice addition.
>>
>> -David
>>
>>
>> On Jan 25, 2006, at 9:25 AM, Si Chen wrote:
>>
>>> Hi everyone.
>>>
>>> I was playing with contact lists this morning.  It's pretty nice!
>>>
>>> Is there at this stage a contact list opt out feature: ie, a URL  
>>> so an
>>> email recipient can click and be removed from the contact list?
>>>
>>> Thanks,
>>>
>>> Si
>>>
>>> _______________________________________________
>>> Dev mailing list
>>> [hidden email]
>>> http://lists.ofbiz.org/mailman/listinfo/dev
>>
>>
>> ---------------------------------------------------------------------
>> ---
>>
>>
>> _______________________________________________
>> Dev mailing list
>> [hidden email]
>> http://lists.ofbiz.org/mailman/listinfo/dev
>>
>
> _______________________________________________
> Dev mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/dev

_________________________
Andrew Yager
Real World Technology Solutions
Real People, Real SolUtions (tm)
ph: (02) 9563 4840 (office) (02) 9563 4841 (direct)
fax: (02) 9563 4848 mob: 0405 152 568
http://www.rwts.com.au/
_________________________

 
_______________________________________________
Dev mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/dev
Reply | Threaded
Open this post in threaded view
|

Re: Dev - contact list opt out feature?

David E. Jones

The best solution is probably to use a randomly generated number  
stored in the database that could be sent out via email for an easy  
opt out link, or of course they could login and cancel their  
subscription on the web site.

An MD5 hash is a good idea, but to easy to "hack". If you know their  
userLoginId or email or whatever is used it would be easy to MD5 it,  
so it's more of an inconvenience than anything else. These are great  
for protecting the information going the other way, but user ids are  
generally not considered protected.

Just a couple of thoughts on the topic...

-David


On Jan 25, 2006, at 7:45 PM, Andrew Yager wrote:

> What I've often done is to concat an MD5 hash of the users id or
> email, and an MD5 hash of the list ID to uniquely identify the user.
> This saved me from having to store extra data, as the MD5 could be
> relatively quickly calculated, even on quite large databases. Because
> it's a predictable length, we just split the string to extract the
> two parts and do a basic select query.
>
> As far as the double opt-in/confirm option, in Australia, we have
> weird and strange SPAM laws, which (AFAIK) mean the double opt-in
> procedure is pretty much a necessity for most businesses wishing to
> put customers on mailing lists... at least... that's what everyone
> seems to do.
>
> ... I have no preference as far as opt-out though...
>
> Andrew
>
> On 26/01/2006, at 6:27 AM, Si Chen wrote:
>
>> I think it might be nice to use a scrambled code to identify the  
>> party
>> and contact list, rather than use the contact list id and party id.
>> What do you think of adding a field to ContactListParty which is a
>> scrambled code, and then using that as the parameter on the opt-out
>> email url?
>>
>> Si
>>
>> David E. Jones wrote:
>>
>>>
>>> Yes, it is possible to create a URL that would unsubscribe the user.
>>> The more complicated process is the subscription or double-opt-in in
>>> process. The opt-out process is generally a lot more simple, and all
>>> we probably need to do is verify it is the user. That could be done
>>> as-is by logging in to the ecommerce site (or variation of it), or
>>> code could be added to generate and verify an opt-out code that  
>>> would
>>> count temporarily or something as a sufficient verification of
>>> identity for the purposes of opt-out. This would be a nice addition.
>>>
>>> -David
>>>
>>>
>>> On Jan 25, 2006, at 9:25 AM, Si Chen wrote:
>>>
>>>> Hi everyone.
>>>>
>>>> I was playing with contact lists this morning.  It's pretty nice!
>>>>
>>>> Is there at this stage a contact list opt out feature: ie, a URL
>>>> so an
>>>> email recipient can click and be removed from the contact list?
>>>>
>>>> Thanks,
>>>>
>>>> Si
>>>>
>>>> _______________________________________________
>>>> Dev mailing list
>>>> [hidden email]
>>>> http://lists.ofbiz.org/mailman/listinfo/dev
>>>
>>>
>>> --------------------------------------------------------------------
>>> -
>>> ---
>>>
>>>
>>> _______________________________________________
>>> Dev mailing list
>>> [hidden email]
>>> http://lists.ofbiz.org/mailman/listinfo/dev
>>>
>>
>> _______________________________________________
>> Dev mailing list
>> [hidden email]
>> http://lists.ofbiz.org/mailman/listinfo/dev
>
> _________________________
> Andrew Yager
> Real World Technology Solutions
> Real People, Real SolUtions (tm)
> ph: (02) 9563 4840 (office) (02) 9563 4841 (direct)
> fax: (02) 9563 4848 mob: 0405 152 568
> http://www.rwts.com.au/
> _________________________
>
>
> _______________________________________________
> Dev mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/dev

 
_______________________________________________
Dev mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/dev

smime.p7s (3K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Dev - contact list opt out feature?

Daniel Kunkel
I think the user id method could be made very difficult to hack by
adding a little "salt."  Salt is crytpo-speak for a secret addition,
usually only a few characters that is added to the data being converted.
It has the effect of randomizing the resultant hash and making it more
difficult to hack.



On Thu, 2006-01-26 at 17:43 -0700, David E. Jones wrote:

> The best solution is probably to use a randomly generated number  
> stored in the database that could be sent out via email for an easy  
> opt out link, or of course they could login and cancel their  
> subscription on the web site.
>
> An MD5 hash is a good idea, but to easy to "hack". If you know their  
> userLoginId or email or whatever is used it would be easy to MD5 it,  
> so it's more of an inconvenience than anything else. These are great  
> for protecting the information going the other way, but user ids are  
> generally not considered protected.
>
> Just a couple of thoughts on the topic...
>
> -David
>
>
> On Jan 25, 2006, at 7:45 PM, Andrew Yager wrote:
>
> > What I've often done is to concat an MD5 hash of the users id or
> > email, and an MD5 hash of the list ID to uniquely identify the user.
> > This saved me from having to store extra data, as the MD5 could be
> > relatively quickly calculated, even on quite large databases. Because
> > it's a predictable length, we just split the string to extract the
> > two parts and do a basic select query.
> >
> > As far as the double opt-in/confirm option, in Australia, we have
> > weird and strange SPAM laws, which (AFAIK) mean the double opt-in
> > procedure is pretty much a necessity for most businesses wishing to
> > put customers on mailing lists... at least... that's what everyone
> > seems to do.
> >
> > ... I have no preference as far as opt-out though...
> >
> > Andrew
> >
> > On 26/01/2006, at 6:27 AM, Si Chen wrote:
> >
> >> I think it might be nice to use a scrambled code to identify the  
> >> party
> >> and contact list, rather than use the contact list id and party id.
> >> What do you think of adding a field to ContactListParty which is a
> >> scrambled code, and then using that as the parameter on the opt-out
> >> email url?
> >>
> >> Si
> >>
> >> David E. Jones wrote:
> >>
> >>>
> >>> Yes, it is possible to create a URL that would unsubscribe the user.
> >>> The more complicated process is the subscription or double-opt-in in
> >>> process. The opt-out process is generally a lot more simple, and all
> >>> we probably need to do is verify it is the user. That could be done
> >>> as-is by logging in to the ecommerce site (or variation of it), or
> >>> code could be added to generate and verify an opt-out code that  
> >>> would
> >>> count temporarily or something as a sufficient verification of
> >>> identity for the purposes of opt-out. This would be a nice addition.
> >>>
> >>> -David
> >>>
> >>>
> >>> On Jan 25, 2006, at 9:25 AM, Si Chen wrote:
> >>>
> >>>> Hi everyone.
> >>>>
> >>>> I was playing with contact lists this morning.  It's pretty nice!
> >>>>
> >>>> Is there at this stage a contact list opt out feature: ie, a URL
> >>>> so an
> >>>> email recipient can click and be removed from the contact list?
> >>>>
> >>>> Thanks,
> >>>>
> >>>> Si
> >>>>
> >>>> _______________________________________________
> >>>> Dev mailing list
> >>>> [hidden email]
> >>>> http://lists.ofbiz.org/mailman/listinfo/dev
> >>>
> >>>
> >>> --------------------------------------------------------------------
> >>> -
> >>> ---
> >>>
> >>>
> >>> _______________________________________________
> >>> Dev mailing list
> >>> [hidden email]
> >>> http://lists.ofbiz.org/mailman/listinfo/dev
> >>>
> >>
> >> _______________________________________________
> >> Dev mailing list
> >> [hidden email]
> >> http://lists.ofbiz.org/mailman/listinfo/dev
> >
> > _________________________
> > Andrew Yager
> > Real World Technology Solutions
> > Real People, Real SolUtions (tm)
> > ph: (02) 9563 4840 (office) (02) 9563 4841 (direct)
> > fax: (02) 9563 4848 mob: 0405 152 568
> > http://www.rwts.com.au/
> > _________________________
> >
> >
> > _______________________________________________
> > Dev mailing list
> > [hidden email]
> > http://lists.ofbiz.org/mailman/listinfo/dev
>
>  _______________________________________________
> Dev mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/dev
--
Daniel

*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-
Have a GREAT Day!

Daniel Kunkel           [hidden email]
BioWaves, LLC           http://www.BioWaves.com
14150 NE 20th St. Suite F1
Bellevue, WA 98007
800-734-3588    425-895-0050
http://www.Apartment-Pets.com  http://www.Focus-Illusion.com
http://www.Brain-Fun.com       http://www.ColorGlasses.com
*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-

 
_______________________________________________
Dev mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/dev
Reply | Threaded
Open this post in threaded view
|

Re: Dev - contact list opt out feature?

Si Chen-2
Daniel,

Userid alone is not sufficient - a user can belong to several contact
lists and just want out of one of them.  It would have to be
contactListId+partyId and possibly contactMechId all rolled into one and
encrypted.

Si

Daniel Kunkel wrote:

>I think the user id method could be made very difficult to hack by
>adding a little "salt."  Salt is crytpo-speak for a secret addition,
>usually only a few characters that is added to the data being converted.
>It has the effect of randomizing the resultant hash and making it more
>difficult to hack.
>
>
>
>On Thu, 2006-01-26 at 17:43 -0700, David E. Jones wrote:
>  
>
>>The best solution is probably to use a randomly generated number  
>>stored in the database that could be sent out via email for an easy  
>>opt out link, or of course they could login and cancel their  
>>subscription on the web site.
>>
>>An MD5 hash is a good idea, but to easy to "hack". If you know their  
>>userLoginId or email or whatever is used it would be easy to MD5 it,  
>>so it's more of an inconvenience than anything else. These are great  
>>for protecting the information going the other way, but user ids are  
>>generally not considered protected.
>>
>>Just a couple of thoughts on the topic...
>>
>>-David
>>
>>
>>On Jan 25, 2006, at 7:45 PM, Andrew Yager wrote:
>>
>>    
>>
>>>What I've often done is to concat an MD5 hash of the users id or
>>>email, and an MD5 hash of the list ID to uniquely identify the user.
>>>This saved me from having to store extra data, as the MD5 could be
>>>relatively quickly calculated, even on quite large databases. Because
>>>it's a predictable length, we just split the string to extract the
>>>two parts and do a basic select query.
>>>
>>>As far as the double opt-in/confirm option, in Australia, we have
>>>weird and strange SPAM laws, which (AFAIK) mean the double opt-in
>>>procedure is pretty much a necessity for most businesses wishing to
>>>put customers on mailing lists... at least... that's what everyone
>>>seems to do.
>>>
>>>... I have no preference as far as opt-out though...
>>>
>>>Andrew
>>>
>>>On 26/01/2006, at 6:27 AM, Si Chen wrote:
>>>
>>>      
>>>
>>>>I think it might be nice to use a scrambled code to identify the  
>>>>party
>>>>and contact list, rather than use the contact list id and party id.
>>>>What do you think of adding a field to ContactListParty which is a
>>>>scrambled code, and then using that as the parameter on the opt-out
>>>>email url?
>>>>
>>>>Si
>>>>
>>>>David E. Jones wrote:
>>>>
>>>>        
>>>>
>>>>>Yes, it is possible to create a URL that would unsubscribe the user.
>>>>>The more complicated process is the subscription or double-opt-in in
>>>>>process. The opt-out process is generally a lot more simple, and all
>>>>>we probably need to do is verify it is the user. That could be done
>>>>>as-is by logging in to the ecommerce site (or variation of it), or
>>>>>code could be added to generate and verify an opt-out code that  
>>>>>would
>>>>>count temporarily or something as a sufficient verification of
>>>>>identity for the purposes of opt-out. This would be a nice addition.
>>>>>
>>>>>-David
>>>>>
>>>>>
>>>>>On Jan 25, 2006, at 9:25 AM, Si Chen wrote:
>>>>>
>>>>>          
>>>>>
>>>>>>Hi everyone.
>>>>>>
>>>>>>I was playing with contact lists this morning.  It's pretty nice!
>>>>>>
>>>>>>Is there at this stage a contact list opt out feature: ie, a URL
>>>>>>so an
>>>>>>email recipient can click and be removed from the contact list?
>>>>>>
>>>>>>Thanks,
>>>>>>
>>>>>>Si
>>>>>>
>>>>>>_______________________________________________
>>>>>>Dev mailing list
>>>>>>[hidden email]
>>>>>>http://lists.ofbiz.org/mailman/listinfo/dev
>>>>>>            
>>>>>>
>>>>>--------------------------------------------------------------------
>>>>>-
>>>>>---
>>>>>
>>>>>
>>>>>_______________________________________________
>>>>>Dev mailing list
>>>>>[hidden email]
>>>>>http://lists.ofbiz.org/mailman/listinfo/dev
>>>>>
>>>>>          
>>>>>
>>>>_______________________________________________
>>>>Dev mailing list
>>>>[hidden email]
>>>>http://lists.ofbiz.org/mailman/listinfo/dev
>>>>        
>>>>
>>>_________________________
>>>Andrew Yager
>>>Real World Technology Solutions
>>>Real People, Real SolUtions (tm)
>>>ph: (02) 9563 4840 (office) (02) 9563 4841 (direct)
>>>fax: (02) 9563 4848 mob: 0405 152 568
>>>http://www.rwts.com.au/
>>>_________________________
>>>
>>>
>>>_______________________________________________
>>>Dev mailing list
>>>[hidden email]
>>>http://lists.ofbiz.org/mailman/listinfo/dev
>>>      
>>>
>> _______________________________________________
>>Dev mailing list
>>[hidden email]
>>http://lists.ofbiz.org/mailman/listinfo/dev
>>    
>>
 
_______________________________________________
Dev mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/dev