Dev - contact list opt out feature?

>
> Yes, it is possible to create a URL that would unsubscribe the user.  
> The more complicated process is the subscription or double-opt-in in  
> process. The opt-out process is generally a lot more simple, and all  
> we probably need to do is verify it is the user. That could be done  
> as-is by logging in to the ecommerce site (or variation of it), or  
> code could be added to generate and verify an opt-out code that would  
> count temporarily or something as a sufficient verification of  
> identity for the purposes of opt-out. This would be a nice addition.
>
> -David
>
>
> On Jan 25, 2006, at 9:25 AM, Si Chen wrote:
>
>> Hi everyone.
>>
>> I was playing with contact lists this morning.  It's pretty nice!
>>
>> Is there at this stage a contact list opt out feature: ie, a URL so an
>> email recipient can click and be removed from the contact list?
>>
>> Thanks,
>>
>> Si
>>
>> _______________________________________________
>> Dev mailing list
>> [hidden email]
>> http://lists.ofbiz.org/mailman/listinfo/dev
>
>
>------------------------------------------------------------------------
>
>
>_______________________________________________
>Dev mailing list
>[hidden email]
>http://lists.ofbiz.org/mailman/listinfo/dev
>

> I think it might be nice to use a scrambled code to identify the party
> and contact list, rather than use the contact list id and party id.
> What do you think of adding a field to ContactListParty which is a
> scrambled code, and then using that as the parameter on the opt-out
> email url?
>
> Si
>
> David E. Jones wrote:
>
>>
>> Yes, it is possible to create a URL that would unsubscribe the user.
>> The more complicated process is the subscription or double-opt-in in
>> process. The opt-out process is generally a lot more simple, and all
>> we probably need to do is verify it is the user. That could be done
>> as-is by logging in to the ecommerce site (or variation of it), or
>> code could be added to generate and verify an opt-out code that would
>> count temporarily or something as a sufficient verification of
>> identity for the purposes of opt-out. This would be a nice addition.
>>
>> -David
>>
>>
>> On Jan 25, 2006, at 9:25 AM, Si Chen wrote:
>>
>>> Hi everyone.
>>>
>>> I was playing with contact lists this morning.  It's pretty nice!
>>>
>>> Is there at this stage a contact list opt out feature: ie, a URL  
>>> so an
>>> email recipient can click and be removed from the contact list?
>>>
>>> Thanks,
>>>
>>> Si
>>>
>>> _______________________________________________
>>> Dev mailing list
>>> [hidden email]
>>> http://lists.ofbiz.org/mailman/listinfo/dev
>>
>>
>> ---------------------------------------------------------------------
>> ---
>>
>>
>> _______________________________________________
>> Dev mailing list
>> [hidden email]
>> http://lists.ofbiz.org/mailman/listinfo/dev
>>
>
> _______________________________________________
> Dev mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/dev

> The best solution is probably to use a randomly generated number  
> stored in the database that could be sent out via email for an easy  
> opt out link, or of course they could login and cancel their  
> subscription on the web site.
>
> An MD5 hash is a good idea, but to easy to "hack". If you know their  
> userLoginId or email or whatever is used it would be easy to MD5 it,  
> so it's more of an inconvenience than anything else. These are great  
> for protecting the information going the other way, but user ids are  
> generally not considered protected.
>
> Just a couple of thoughts on the topic...
>
> -David
>
>
> On Jan 25, 2006, at 7:45 PM, Andrew Yager wrote:
>
> > What I've often done is to concat an MD5 hash of the users id or
> > email, and an MD5 hash of the list ID to uniquely identify the user.
> > This saved me from having to store extra data, as the MD5 could be
> > relatively quickly calculated, even on quite large databases. Because
> > it's a predictable length, we just split the string to extract the
> > two parts and do a basic select query.
> >
> > As far as the double opt-in/confirm option, in Australia, we have
> > weird and strange SPAM laws, which (AFAIK) mean the double opt-in
> > procedure is pretty much a necessity for most businesses wishing to
> > put customers on mailing lists... at least... that's what everyone
> > seems to do.
> >
> > ... I have no preference as far as opt-out though...
> >
> > Andrew
> >
> > On 26/01/2006, at 6:27 AM, Si Chen wrote:
> >
> >> I think it might be nice to use a scrambled code to identify the  
> >> party
> >> and contact list, rather than use the contact list id and party id.
> >> What do you think of adding a field to ContactListParty which is a
> >> scrambled code, and then using that as the parameter on the opt-out
> >> email url?
> >>
> >> Si
> >>
> >> David E. Jones wrote:
> >>
> >>>
> >>> Yes, it is possible to create a URL that would unsubscribe the user.
> >>> The more complicated process is the subscription or double-opt-in in
> >>> process. The opt-out process is generally a lot more simple, and all
> >>> we probably need to do is verify it is the user. That could be done
> >>> as-is by logging in to the ecommerce site (or variation of it), or
> >>> code could be added to generate and verify an opt-out code that  
> >>> would
> >>> count temporarily or something as a sufficient verification of
> >>> identity for the purposes of opt-out. This would be a nice addition.
> >>>
> >>> -David
> >>>
> >>>
> >>> On Jan 25, 2006, at 9:25 AM, Si Chen wrote:
> >>>
> >>>> Hi everyone.
> >>>>
> >>>> I was playing with contact lists this morning.  It's pretty nice!
> >>>>
> >>>> Is there at this stage a contact list opt out feature: ie, a URL
> >>>> so an
> >>>> email recipient can click and be removed from the contact list?
> >>>>
> >>>> Thanks,
> >>>>
> >>>> Si
> >>>>
> >>>> _______________________________________________
> >>>> Dev mailing list
> >>>> [hidden email]
> >>>> http://lists.ofbiz.org/mailman/listinfo/dev
> >>>
> >>>
> >>> --------------------------------------------------------------------
> >>> -
> >>> ---
> >>>
> >>>
> >>> _______________________________________________
> >>> Dev mailing list
> >>> [hidden email]
> >>> http://lists.ofbiz.org/mailman/listinfo/dev
> >>>
> >>
> >> _______________________________________________
> >> Dev mailing list
> >> [hidden email]
> >> http://lists.ofbiz.org/mailman/listinfo/dev
> >
> > _________________________
> > Andrew Yager
> > Real World Technology Solutions
> > Real People, Real SolUtions (tm)
> > ph: (02) 9563 4840 (office) (02) 9563 4841 (direct)
> > fax: (02) 9563 4848 mob: 0405 152 568
> > http://www.rwts.com.au/
> > _________________________
> >
> >
> > _______________________________________________
> > Dev mailing list
> > [hidden email]
> > http://lists.ofbiz.org/mailman/listinfo/dev
>
>  _______________________________________________
> Dev mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/dev

>I think the user id method could be made very difficult to hack by
>adding a little "salt."  Salt is crytpo-speak for a secret addition,
>usually only a few characters that is added to the data being converted.
>It has the effect of randomizing the resultant hash and making it more
>difficult to hack.
>
>
>
>On Thu, 2006-01-26 at 17:43 -0700, David E. Jones wrote:
>  
>
>>The best solution is probably to use a randomly generated number  
>>stored in the database that could be sent out via email for an easy  
>>opt out link, or of course they could login and cancel their  
>>subscription on the web site.
>>
>>An MD5 hash is a good idea, but to easy to "hack". If you know their  
>>userLoginId or email or whatever is used it would be easy to MD5 it,  
>>so it's more of an inconvenience than anything else. These are great  
>>for protecting the information going the other way, but user ids are  
>>generally not considered protected.
>>
>>Just a couple of thoughts on the topic...
>>
>>-David
>>
>>
>>On Jan 25, 2006, at 7:45 PM, Andrew Yager wrote:
>>
>>    
>>
>>>What I've often done is to concat an MD5 hash of the users id or
>>>email, and an MD5 hash of the list ID to uniquely identify the user.
>>>This saved me from having to store extra data, as the MD5 could be
>>>relatively quickly calculated, even on quite large databases. Because
>>>it's a predictable length, we just split the string to extract the
>>>two parts and do a basic select query.
>>>
>>>As far as the double opt-in/confirm option, in Australia, we have
>>>weird and strange SPAM laws, which (AFAIK) mean the double opt-in
>>>procedure is pretty much a necessity for most businesses wishing to
>>>put customers on mailing lists... at least... that's what everyone
>>>seems to do.
>>>
>>>... I have no preference as far as opt-out though...
>>>
>>>Andrew
>>>
>>>On 26/01/2006, at 6:27 AM, Si Chen wrote:
>>>
>>>      
>>>
>>>>I think it might be nice to use a scrambled code to identify the  
>>>>party
>>>>and contact list, rather than use the contact list id and party id.
>>>>What do you think of adding a field to ContactListParty which is a
>>>>scrambled code, and then using that as the parameter on the opt-out
>>>>email url?
>>>>
>>>>Si
>>>>
>>>>David E. Jones wrote:
>>>>
>>>>        
>>>>
>>>>>Yes, it is possible to create a URL that would unsubscribe the user.
>>>>>The more complicated process is the subscription or double-opt-in in
>>>>>process. The opt-out process is generally a lot more simple, and all
>>>>>we probably need to do is verify it is the user. That could be done
>>>>>as-is by logging in to the ecommerce site (or variation of it), or
>>>>>code could be added to generate and verify an opt-out code that  
>>>>>would
>>>>>count temporarily or something as a sufficient verification of
>>>>>identity for the purposes of opt-out. This would be a nice addition.
>>>>>
>>>>>-David
>>>>>
>>>>>
>>>>>On Jan 25, 2006, at 9:25 AM, Si Chen wrote:
>>>>>
>>>>>          
>>>>>
>>>>>>Hi everyone.
>>>>>>
>>>>>>I was playing with contact lists this morning.  It's pretty nice!
>>>>>>
>>>>>>Is there at this stage a contact list opt out feature: ie, a URL
>>>>>>so an
>>>>>>email recipient can click and be removed from the contact list?
>>>>>>
>>>>>>Thanks,
>>>>>>
>>>>>>Si
>>>>>>
>>>>>>_______________________________________________
>>>>>>Dev mailing list
>>>>>>[hidden email]
>>>>>>http://lists.ofbiz.org/mailman/listinfo/dev
>>>>>>            
>>>>>>
>>>>>--------------------------------------------------------------------
>>>>>-
>>>>>---
>>>>>
>>>>>
>>>>>_______________________________________________
>>>>>Dev mailing list
>>>>>[hidden email]
>>>>>http://lists.ofbiz.org/mailman/listinfo/dev
>>>>>
>>>>>          
>>>>>
>>>>_______________________________________________
>>>>Dev mailing list
>>>>[hidden email]
>>>>http://lists.ofbiz.org/mailman/listinfo/dev
>>>>        
>>>>
>>>_________________________
>>>Andrew Yager
>>>Real World Technology Solutions
>>>Real People, Real SolUtions (tm)
>>>ph: (02) 9563 4840 (office) (02) 9563 4841 (direct)
>>>fax: (02) 9563 4848 mob: 0405 152 568
>>>http://www.rwts.com.au/
>>>_________________________
>>>
>>>
>>>_______________________________________________
>>>Dev mailing list
>>>[hidden email]
>>>http://lists.ofbiz.org/mailman/listinfo/dev
>>>      
>>>
>> _______________________________________________
>>Dev mailing list
>>[hidden email]
>>http://lists.ofbiz.org/mailman/listinfo/dev
>>    
>>