SORBS Mandatory Double Opt-In (DOI) Requirement

[Koby]

I sent a bulk email from my admin cp, and shortly after my server provider emailed me an abuse report listing for SORBS. As it turns out, the mailing list apparently doesn't have a double opt-in (where the user has to click a link in an email they get to verify they want to opt-in for emails before they start getting them) and as such gets referred as spam by SORBs.

Is this something that will be added in a future IPS release?

Because not being able to send mail can really put a damper on a community forum.... and apparently DOI is now a requirement that must exist in order to send mail without being flagged as spam or abuse.

 

Quote

Hello,

This is not something which is currently possible within the software unfortunately. You would be best to post this up within the product feedback area as a suggestion, if this is something you would like to see added to the software.

Kind Regards,
Marc Stridgen

 

[Charles]

The user sort of does opt-in. When they register their account they must first check the "send me emails from admin" box and then also click the account validation email that is sent. IPS4 already supports one-click unsubscribe in the emails as well.

[Koby]

On 1/18/2017 at 7:11 AM, Charles said:

The user sort of does opt-in. When they register their account they must first check the "send me emails from admin" box and then also click the account validation email that is sent. IPS4 already supports one-click unsubscribe in the emails as well.

"Sort of" isn't the same as definitely. =P

But the main thing is that this option is checked by default on the registration page and some users are likely to miss it and claim they never opted into it. So in that sense, it's best to have it unchecked by default and let them check it if they wish to opt in rather than assuming everyone registering will want to be opt-in by default.

This can be solved by editing:

applications/core/modules/front/system/register.php

from

$form->add( new \IPS\Helpers\Form\Checkbox( 'reg_admin_mails', TRUE, FALSE ) );

to
 

$form->add( new \IPS\Helpers\Form\Checkbox( 'reg_admin_mails', FALSE, FALSE ) );

 

The other issue is that in their profile settings later on when they click to disable or enable the send emails option, they should get a new opt-in email, but that button doesn't trigger an email on their settings page later. So if they didn't opt in during sign-up, they never have to click a confirm button via email to be planted in the mailing list.

 

We also edited  ./system/Member/Member.php from:

'./system/Member/Member.php' -> function setDefaultValues() -> $this->allow_admin_mails        = 1;

to:

'./system/Member/Member.php' -> function setDefaultValues() -> $this->allow_admin_mails        = 0;

The 'default value is to automatically opt users in without them checking the box or sending any confirmation.

We modified this file to 0 and then run the query:

UPDATE `core_members` SET `allow_admin_mails`=b'0' WHERE `allow_admin_mails`=b'1';

So that users were no longer opted in to something they never opted into or didn't realize it was being done. Then we made a forum announcement letting everyone know they'd have to manually re-enable it if they wished to receive any future admin emails from us.

To be true DOI by SORB standards, they must manually select opt-in on site, get emailed at that time a confirmation link, and then opt-in. Otherwise, spamtraps will flag it as not DOI as it did in this instance and get your server flagged and listed as spam which then has server providers on your heels.

Unfortunately I'm unsure how to go about making the button on that page (https://invisionpower.com/notifications/options/) somehow send a new email for opt-in when changed to checked. I think it's better to implement safe-guards such as true DOI, to prevent such issues from arising.

On top of this, the system should have some sort of queue for sending emails. Like instead of sending all 50,000 emails nearly instantly; make a queue and send out a few hundred per hour (or some reasonable amount) till it's done. If a board has a couple million users, that could easily become a problem if it sends millions of emails to the same email provider in less than a 30 minute span.