Details
Minor
Description
A confirmation of re-subscription can be received from CiviMail, but if the user used a different email the subscription will not actually occur in CiviCRM database. To create this situation on CiviCRM 1.7.beta.9101 with imap2soap CiviMail installation:
1) Send a CiviMail mailing to a group including Person1 with address "person1@primaryaddress.com"
2) Person1 unscubscribes from GroupA by clicking the "mailto:unsubscribe.XXXX.@site.com" link in the email and sending.
3) Person1 receives an Unscubscribe Results email, with a link to re-subscribe to GroupA.
4) Person1 clicks the "mailto:subscribe.1.1@bcsearms.org", and send the email using the address "person1@differentaddress.com"
5) Person1 receives a Subscription confirmation request email at "person1@differentaddress.com"
6) Person1 replies to the Subscription confirmation request with an email to "confirm.XXXX@site.com"
7) Person1 receives a welcome to GroupA email.
8) In CiviCRM Person1's status in GroupA is still "Removed (by email)"
The problem occurs when the resubscribe message at step 4, is sent using a different email address (can easily happen when clicking on mailto: links in an email client with multiple accounts). A chain of correspondance from CiviMail tells them that everything is OK, but it is not.
NOTE: There may be a design reason why 'subscribe' emails do not have full VERP hash codes, unlike 'confirm', 'unsubscribe', 'reply', 'optout', but this above situation is still a problem.
NOTE2: A complementary issue is that for the mailto: links with full VERP hash codes the action will be executed regardless of what email account it was sent from. This could happen if Person1 forwards an exciting message to Person2. Person2 doesn't think it's so exciting and sends an email to the unsubscribe mailto link. Person 1 will get a message saying they've been unsubscribed, so they could fix it if they're alert but it's not ideal.
SUGGESTION: I'm sure there'e already been thought into this but it would make sense to me for all mail actions to be confirmed by a match between the sent address and the CiviCRM primary email address that is linked to in the VERP hash. Then one of two things would happen:
a) A confirmation message is sent to the sender if the match is correct
b) A sorry messsage is send to the sender if their action failed because of an incorrect match.
This wouldn't be secure from mail spoofing, but it would prevent all of the inadvertant mistakes.
If there is a barrier to the above solution, then a quick way to reduce the likelihood of the re-subscribe error would be to add a note in the re-subscribe message saying "re-subscribe by sending to this address from your person1@primaryaddress.com account'