Considerations about link on certificate expiration notice automatic mail messages


#1

Let’s Encrypt sends automatically generated mail notices when a certificate is about to expire.

These notices have a link to “stop receiving notices”. And this link is “one-click action that cannot be undone”.

There are some corporate mail server + antivirus mail scanners that fetch the links in the messages to check that they are safe before delivering the mail to the end user. In this case, it will automatically unsubscribe the user…

I suggest that the “stop” link could be an action that the user should click on a “confirm” button before being unsubscribed.
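An added example, not part of the original post and not Let's Encrypt's code: a minimal WSGI handler in which fetching the mailed link with GET only renders a confirm form, and the unsubscribe happens on the POST sent by the button. The `/unsubscribe` path, the HMAC token scheme, the key and the subscriber set are assumptions made for illustration.

```python
import hashlib
import hmac
import html
from urllib.parse import parse_qs

SECRET = b"constructed-demo-key"        # assumption: server-side signing key
subscribed = {"admin@example.org"}      # constructed subscriber store


def make_token(email: str) -> str:
    """Token placed in the mailed link; binds the link to one address."""
    return hmac.new(SECRET, email.encode(), hashlib.sha256).hexdigest()


def valid(email: str, token: str) -> bool:
    return hmac.compare_digest(make_token(email).encode(), token.encode())


def app(environ, start_response):
    """WSGI app for the hypothetical /unsubscribe endpoint."""
    method = environ["REQUEST_METHOD"]
    if method == "POST":
        size = int(environ.get("CONTENT_LENGTH") or 0)
        raw = environ["wsgi.input"].read(size).decode()
    else:
        raw = environ.get("QUERY_STRING", "")
    params = parse_qs(raw)
    email = params.get("email", [""])[0]
    token = params.get("token", [""])[0]
    if not valid(email, token):
        start_response("403 Forbidden", [("Content-Type", "text/plain")])
        return [b"invalid link"]
    if method in ("GET", "HEAD"):
        # Safe methods change nothing: a scanner that prefetches the link
        # receives the confirm form and the subscription is untouched.
        page = ('<form method="post" action="/unsubscribe">'
                f'<input type="hidden" name="email" value="{html.escape(email)}">'
                f'<input type="hidden" name="token" value="{token}">'
                "<button>Confirm: stop receiving notices</button></form>")
        start_response("200 OK", [("Content-Type", "text/html")])
        return [page.encode()]
    if method == "POST":
        # Only the explicit button press reaches the state change.
        subscribed.discard(email)
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"unsubscribed"]
    start_response("405 Method Not Allowed", [("Allow", "GET, HEAD, POST")])
    return [b""]
```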


#2

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.