Subsriber mailing list issues


#1

I got an email “Let’s Encrypt Subscriber Agreement Update” from noreply@letsencrypt.org.

  1. It didn’t tell me how to unsubscribe. I don’t even know the list name,
    but it said “Dear let’s encrypt subscriber”, so the logical conclusion is that I’m subscribed to this list for life, and I’ll call it the “subscriber list” since I don’t know if has any official name.

  2. I got subscribed when I did some initial testing. Subsequently, I don’t give my email when I register a domain, (I don’t want my email to be associated with each domain I register). But I do want to be on the “subscriber list” to get announcements (at least for now), but I don’t see any way to independently subscribe to this list, or any information about it at all when I google let’s encrypt mailing lists and browse the first 2 pages. You support registering domains without email addresses, then you should logically support people registering to your “subscriber list” outside of the registration process.


#2

It seems the only way letsencrypt could have got your email address is through your subscription to this forum… to unsubscribe click on the link in the last line of any of the emails from this forum (if you still want to :slight_smile:).


#3

That seems highly unlikely. First, @iankelling said he got subscribed when he did some testing previously. Since Let’s Encrypt optionally takes an email address when it creates a new account on the ACME server, it stands to reason that that address would be used for such communications. Second, there’s no reason to assume that members of the forum would necessarily have certificates from the CA, and thus be at all interested in updates to the subscriber agreement.


#4

Good points - thanks.

After inspecting the mail headers I see (in my case) they come from different domains and to different email addresses - so you are correct. The change in subscriber agreement - which I want more than the community forum comes from mandrillapp.com. Replies to it are set to bounce. That’d be a mailing service (possibly used by mailchimp?).

I’ll take your word for it as I’ve never used certbot - but the docs don’t say the email address is optional, (I was required to provide one when I created my certificates, but that was in the early stages so things may have changed). I have not subscribed for testing…

The privacy policy for subscribers (certificate subscribers?) mentions retention of email addresses. As this is a potential privacy issue perhaps security@letsencrypt.org might be a starting point for Ian’s enquiry.


#5

I’m 99% sure it’s optional (I recall there being a flag to not have an email), but I don’t use certbot either, so I can’t say for sure. With letsencrypt.sh, though, which is what I use, the email is definitely optional.

…and after checking out the certbot docs, yes, it looks like you’d use --register-unsafely-without-email to choose not to give an email address.


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.