[SpamCop-List] Re: Small Mailing List - Best Practices

[John E. Malmberg]

Thomas Mooney wrote:
> Greetings,
> 
> I have a web-site that serves a small subset of a community youth sports
> organization.  The organization serves ~350 families, the web-site will
> likely appeal to well under half of them.
> 
> I have provided an e-mail link (mailto: URL) to subscribe to updates.
> 
> I want to confirm the opt-in.
> 
> My intent is to send would-be subscribers (those who have sent an initial
> subscription e-mail) a confirmation e-mail to which they must then respond
> to actually be placed on the list.  It should be noted that none of this
> will be automated; it will all be done by hand.  So I have some logistical
> limitations.

Actually it should not make it any more difficult to comply with good 
practices.  There are however off the shelf solutions, some of them open 
source and free.

> Here are my questions:
> 
> 1) Could you point me to a site that would describe best practices?

http://www.mail-abuse.com/an_listmgntgdlines.html

> 2) Barring a reference to a site that offers suitable advice, could you
> offer some tips about the contents of the confirmation e-mail.  I've read
> (probably on this newsgroup) about including some sort of unique identifier.
> But I don't know how important this is or what would constitute a proper
> identifier.

You will want a token that is not easily guessable or predictable.

Since you are doing this by hand, that should be easy.  Use the wall 
clock minutes/seconds of when you do the reply as part of the token.

On the confirmation e-mail you should report the I.P. address of the 
system that visited the web site.

Also you can check the I.P. address against the open proxy DNSbls.  If 
there is a match, then it is likely that this is a forged request.

Also let your ISP know what you are doing.  There is a possibility of 
people reporting your confirmation or mailing as spam even if you do 
everything right.

-John
wb8tyw at qsl.network
Personal Opinion Only