Confirming your subscription request
Before your subscription can be started, you must confirm your subscription request. Our list server will send you two e-mails: one acknowledging that your subscription request has been processed, and one with an authorization string that must be returned to our server to verify that you did request the subscription.
Why do we require you to confirm subscriptions? It's a bit of a hassle, but on the Internet, it's unfortunately a necessary one. Forging someone else's e-mail address is fairly easy to do, and a common attack on users is to forge their e-mail address and subscribe them to dozens or hundreds of mailing lists. As you can probably imagine, the amount of e-mail this generates can easily swamp a user, and the hassle of trying to untangle an account can be immense.
As responsible list administrators, we don't want our sites to be used for these kinds of attacks. As a user, you definitely do not want to be on the wrong end of one of these attacks. Mail-back confirmation, the process we use, is one of the few systems available where we can guarantee that the user of an e-mail address is the person who made the subscription request.
Here's how our confirmation system works: when you request a subscription, our server will process it and send you, at the address you requested subscribed, what's known as an authorization (or auth) string.
The authorization string looks like this:
auth <auth_key> subscribe <listname> <your_address>where <listname> is the name of the list you've requested to subscribe to, and <your_address> is the e-mail address you've requested to be subscribed.
<auth_key> is a key generated by the server that is unique to this address. That is how the mail-back confirmation works. When you mail the auth key back to email@example.com (you can also reply to the message, but remember to edit the reply as we explain below), the list server will compare the <auth_key> in your message with the information we have on your request. If it all matches, we know that the person who sent in the auth string is the actual owner of the e-mail address. An e-mail forger can forge a subscribe request, but since the auth string has information that is only available to the person reading e-mail sent to that address, a forger can not forge the auth string. That way, we know this request is genuine and not part of a mail-bomb attack.
Common confirmation problems (and how to solve them)
There are a few very common problems users have while trying to confirm their subscriptions. Here are some hints on how to avoid them:
We want to help you get subscribed, but we have to be somewhat paranoid about e-mail attacks and forgeries. Please understand we're doing this not to create problems, but to avoid them -- for you and for us -- and work with us. Until better ways to verify the validity of e-mail and addresses, we have to be very careful about adding users to mailing lists. It may seem we're being bureaucratic at times, but in reality, we're simply trying to protect people from the idiots out there. We wish this weren't necessary, but it is.
The Apple Store | Hot News | About Apple | Products | Support
Design & Publishing | Education | Developer | Where to Buy | Home
Mac Products Guide | Job Opportunities at Apple | Apple & Year 2000
Contact Us | Privacy Notice
Copyright © 1999 Apple Computer, Inc. All rights reserved.