knadh / listmonk

High performance, self-hosted, newsletter and mailing list manager with a modern dashboard. Single binary app.
https://listmonk.app
GNU Affero General Public License v3.0

Security and Privacy Question #373

Closed jonathanmmm closed 3 years ago

jonathanmmm commented 3 years ago

Hi,

I am new to this project and wanted to use it for a few newsletters. Can I somehow completely disable tracking, even anonymous tracking? Just no tracking at all of who clicked or viewed an email.

Also, how should I go about security? Is the following form

<form method="post" action="https://mysite.com/subscription/form" class="listmonk-form">
  <div>
      <h3>Subscribe</h3>
      <p><input type="text" name="email" placeholder="E-Mail" /></p>
      <p><input type="text" name="name" placeholder="Name (optional)" /></p>

      <p>
        <input id="abc12" type="checkbox" name="l" checked value="some-code-is-here" />
        <label for="abc12">Emailverteiler</label>
      </p>

      <p><input type="submit" value="Abo" /></p>
  </div>
</form>

I tried changing the "some-code-is-here" value and was not able to subscribe, but changing "abc12" still let me subscribe.

I want to have a newsletter only members can subscribe to, so I somehow have to hide the subscription link. Is the "some-code-is-here" the part that protects against bots or someone trying to brute-force subscribe to the newsletter?

I don't want every newsletter to be "private". Right now "private" does not work, as I suspected; I thought "private" would be exactly what I am trying to find, but I can't use double opt-in with private, it is more like a manual email list, like in the old days, right?

Thanks for your great product, lightweight and good design :-)

knadh commented 3 years ago

Can I somehow completely disable tracking, even anonymous one? Just no tracking at all who clicked or viewed an email.

You can just remove the {{ TrackView }} tag from your templates in Campaigns -> Templates.

name="l" checked value="some-code-is-here" /> Is the "some-code-is-here" the part that protects bots or someone trying to bruteforce subscribe to the newsletter?

No, that's the UUID of the list to subscribe to.

I want to have a newsletter only members can subscribe to, so I have somehow have to hide the subscription link.

The best way to achieve this would be to integrate the subscription API into your site. Or, I guess, you could just have that form somewhere where only your users see it and block the public form (/subscriptions/form) behind your webserver.

Thanks for your great product, lightweight and good design :-)

Cheers!

jonathanmmm commented 3 years ago

Can I somehow completely disable tracking, even anonymous one? Just no tracking at all who clicked or viewed an email.

You can just remove the {{ TrackView }} tag from your templates in Campaigns -> Templates.

Ok, thanks.

name="l" checked value="some-code-is-here" /> Is the "some-code-is-here" the part that protects bots or someone trying to bruteforce subscribe to the newsletter?

No, that's the UUID of the list to subscribe to.

But it somehow protects it, right? If I put subscriptions/form out on the wild internet, someone could just brute-force the UUID and subscribe to the private newsletter, right? The UUID seems pretty long, so with a bit of throttling the bad guys could not find the UUID so easily. Am I missing something?

I want to have a newsletter only members can subscribe to, so I have somehow have to hide the subscription link.

The best way to achieve this would be to integrate the subscription API into your site. Or, I guess, you could just have that form somewhere where only your users see it and block the public form (/subscriptions/form) behind your webserver.

But that would conflict with what I do when some newsletters should be really public. Maybe the private newsletter could be in another folder in a form, so that I could protect this folder?

Thanks for your great product, lightweight and good design :-)

Cheers!

knadh commented 3 years ago

But it somehow protects it, right? If I put subscriptions/form out on the wild internet, someone could just brute-force the UUID and subscribe to the private newsletter, right?

Public lists are meant to be just that, public. Brute-forcing a 128-bit UUID against the subscription endpoints isn't that easy though, especially if you add rate limits in your web server.

That said, I just checked and realised that the subscription endpoint does not always internally check whether the incoming IDs are public lists. I remember that this check was skipped so that users could easily construct HTML forms for private lists too, but that isn't right. It has security implications, so private IDs should not be accepted via forms. Will fix this.

Maybe the private newsletter could be in another folder in a form, so that I could protect this folder?

Yeah.

You can:

  1. Ideally use a private list and integrate the subscription API behind your website.
  2. Use a public list on the HTML form (and hope that the ID doesn't get leaked or shared!)

jonathanmmm commented 3 years ago

Ok, with a private list I have to create an API. Do I also have to create the double opt-in verification myself (even if private I have to follow GDPR, maybe not, because the people already registered, I am not a lawyer)? Do unsubscription and data deletion also work with private lists, or do I also have to create that via the API? (As this process should be public, unsubscribing should be one click via e-mail, without needing to log in, which is also some law, as far as I know.)

Or could I increase the ID length to, like, 256 or 512 bits? Also, is it possible to change the ID on a regular basis somehow, or maybe even via the API every time somebody subscribes? I know I would have to find a way to change my form; this way I would decrease or completely mitigate the risk of leaking.

knadh commented 3 years ago

Do I also have to create the double opt-in verification myself (even if private I have to follow GDPR, maybe not, because the people already registered, I am not a lawyer)?

No. You just have to post the subscriber's name, email, and the list ID to an API and it gets added to listmonk. Double opt-in, data export, delete etc. all work normally.

Or could I increase the ID length to, like, 256 or 512 bits?

This is not possible. UUID is a standard. It's 128 bit.

The actual solution to your problem is to create private lists, and integrate a private form on your website that posts to the subscription API I linked above.
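The pattern knadh recommends above (private list, subscription API called from behind your own site's login) as an added worked example; this is editor-written illustration code, not part of listmonk or of this thread. It assumes listmonk's `POST /api/subscribers` JSON endpoint with HTTP basic auth (`email`, `name`, `status`, `lists`, `preconfirm_subscriptions`), that the list is addressed by its numeric ID from the admin UI rather than the UUID that appears in the public form, and a hypothetical `IsMember` callback standing in for your site's real session check. The base URL, credentials and list ID are placeholders.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"log"
	"net/http"
	"net/mail"
	"strings"
	"time"
)

// PrivateListProxy forwards subscriptions from logged-in members to a private
// listmonk list through the admin API, so neither the list ID nor the API
// credentials ever appear in a public HTML form. Field values are assumptions.
type PrivateListProxy struct {
	ListmonkURL string                   // listmonk base URL, reachable only from this backend (assumed)
	APIUser     string                   // API credentials, kept server-side (assumed)
	APIPassword string
	ListID      int                      // numeric ID of the private list, not its UUID (assumed)
	IsMember    func(*http.Request) bool // hypothetical hook for your site's session check
	Client      *http.Client
}

// subscriberBody mirrors the JSON accepted by listmonk's POST /api/subscribers.
type subscriberBody struct {
	Email                   string `json:"email"`
	Name                    string `json:"name"`
	Status                  string `json:"status"`
	Lists                   []int  `json:"lists"`
	PreconfirmSubscriptions bool   `json:"preconfirm_subscriptions"`
}

// BuildSubscriberBody validates the form fields and builds the API payload.
// preconfirm_subscriptions=false leaves listmonk's double opt-in flow intact.
func BuildSubscriberBody(email, name string, listID int) ([]byte, error) {
	email = strings.TrimSpace(email)
	addr, err := mail.ParseAddress(email)
	if err != nil || addr.Address != email {
		// rejects unparsable input and "Bob <bob@example.com>" style display names
		return nil, errors.New("invalid e-mail address")
	}
	name = strings.TrimSpace(name)
	if name == "" {
		// listmonk requires a name; fall back to the local part of the address
		name = email[:strings.IndexByte(email, '@')]
	}
	if len(name) > 200 {
		return nil, errors.New("name too long")
	}
	return json.Marshal(subscriberBody{Email: email, Name: name, Status: "enabled",
		Lists: []int{listID}, PreconfirmSubscriptions: false})
}

// PostSubscriber sends the payload to listmonk with basic auth and returns the
// API status code. The API response body is drained and never shown to the user.
func (p *PrivateListProxy) PostSubscriber(body []byte) (int, error) {
	req, err := http.NewRequest(http.MethodPost, p.ListmonkURL+"/api/subscribers", bytes.NewReader(body))
	if err != nil {
		return 0, err
	}
	req.Header.Set("Content-Type", "application/json")
	req.SetBasicAuth(p.APIUser, p.APIPassword)
	client := p.Client
	if client == nil {
		client = &http.Client{Timeout: 10 * time.Second}
	}
	resp, err := client.Do(req)
	if err != nil {
		return 0, err
	}
	defer resp.Body.Close()
	io.Copy(io.Discard, resp.Body)
	return resp.StatusCode, nil
}

// ServeHTTP is the members-only endpoint your own subscribe form posts to.
// Non-members are refused before anything reaches listmonk (fail closed).
func (p *PrivateListProxy) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodPost {
		http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
		return
	}
	if p.IsMember == nil || !p.IsMember(r) {
		http.Error(w, "members only", http.StatusForbidden)
		return
	}
	body, err := BuildSubscriberBody(r.FormValue("email"), r.FormValue("name"), p.ListID)
	if err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}
	code, err := p.PostSubscriber(body)
	if err != nil || code/100 != 2 {
		log.Printf("listmonk subscribe failed: code=%d err=%v", code, err) // details stay in the log
		http.Error(w, "subscription failed, please try again later", http.StatusBadGateway)
		return
	}
	fmt.Fprintln(w, "Check your inbox to confirm the subscription.")
}

func main() {
	p := &PrivateListProxy{
		ListmonkURL: "http://127.0.0.1:9000", // placeholder
		APIUser:     "listmonk", APIPassword: "changeme", // placeholder
		ListID:      3, // placeholder: numeric ID of your private list
		// Placeholder that denies everyone until wired to your session store.
		IsMember: func(r *http.Request) bool { return false },
	}
	http.Handle("/members/subscribe", p)
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", nil))
}
```

The public `/subscription/form` endpoint stays available for genuinely public lists, and the private list never needs a public form at all; the one thing to keep in mind is that the API credentials grant full admin access, so the backend holding them must not be reachable from the same audience that sees the form.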