Codefunc just recently added a mailing list on its website. While designing it, we took security into great consideration. Here are the points we identified while designing it.
- Captcha is a must
The reason for this is obvious. We can’t have bots subscribing to our mailing list.
- Validating the subscriber's email
We had to make sure that the person who signed up is indeed the owner of that email address.
- Protecting the subscriber’s identity
If an email address already existed in our mailing list, we did not show an error message to the user, so at least nobody else can learn that you are on our mailing list. However, if you do sign up again, we just send you an email telling you that you are already signed up.
- Passing information using POST
All form input is passed using POST, which ensures that at least your email address won't be visible in the URL.
- Not putting google analytics on the pages that handle form submissions
Well, we were a bit paranoid about anyone else being able to look at your personal information.
- Not passing the email address using GET
When someone confirms their subscription, they are sent a special link containing a unique identifier (not the email address itself) as a GET variable. The same applies when they want to cancel their subscription.
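As an added example (not Codefunc's code; the page does not show the site's actual implementation), here is a minimal Python double-opt-in list that puts the points above together: the form handler returns the same reply whether or not the address is already on the list, the confirmation and unsubscribe links carry a random single-use token rather than the address, and "email" is delivered to an in-memory outbox instead of a real mail server. The hostname `example.invalid`, the `t=` parameter name and the `captcha_passed` flag are assumptions for the example.

```python
import secrets

# Added example, not Codefunc's code: a tiny double-opt-in mailing list whose
# responses and links follow the points listed above.

GENERIC_REPLY = "Thanks! If the address is valid, a confirmation email is on its way."
BASE_URL = "https://example.invalid"  # assumed hostname for the example


class MailingList:
    def __init__(self):
        self.confirmed = {}        # email -> unsubscribe token (confirmed subscribers)
        self.pending = {}          # confirm token -> email (awaiting confirmation)
        self.unsub_tokens = {}     # unsubscribe token -> email
        self.outbox = []           # (to, subject, body); stands in for real mail delivery

    def subscribe(self, raw_email, captcha_passed):
        """Form handler. Returns the same text whether or not the address is known,
        so the response never reveals who is already on the list."""
        if not captcha_passed:
            # Real captcha verification is outside this example; it is a precondition here.
            return "Please complete the captcha."
        email = raw_email.strip().lower()
        if "@" not in email or email.startswith("@") or email.endswith("@"):
            return GENERIC_REPLY  # malformed address: same reply, nothing sent
        if email in self.confirmed:
            # Already subscribed: tell the owner privately, by email only.
            self.outbox.append((email, "You are already subscribed",
                                "No action is needed."))
            return GENERIC_REPLY
        # 256-bit random token; the address itself never appears in a link.
        token = secrets.token_urlsafe(32)
        self.pending[token] = email
        self.outbox.append((email, "Confirm your subscription",
                            f"{BASE_URL}/confirm?t={token}"))
        return GENERIC_REPLY

    def confirm(self, token):
        """Consumes a confirmation token once; proves the requester controls the inbox."""
        email = self.pending.pop(token, None)
        if email is None or email in self.confirmed:
            return False
        unsub = secrets.token_urlsafe(32)
        self.confirmed[email] = unsub
        self.unsub_tokens[unsub] = email
        self.outbox.append((email, "Subscribed",
                            f"{BASE_URL}/unsubscribe?t={unsub}"))
        return True

    def unsubscribe(self, token):
        """Removes the subscriber identified by a token, never by a user-supplied address."""
        email = self.unsub_tokens.pop(token, None)
        if email is None:
            return False
        del self.confirmed[email]
        return True


def token_from_link(body):
    """Helper for tests and demos: pull the t= value out of a generated link."""
    return body.split("t=", 1)[1]


if __name__ == "__main__":
    ml = MailingList()
    print(ml.subscribe("alice@example.com", True))
    link = ml.outbox[-1][2]
    print("confirmed:", ml.confirm(token_from_link(link)))
    print("second confirm (token already used):", ml.confirm(token_from_link(link)))
    print(ml.subscribe("alice@example.com", True))
    print("last mail subject:", ml.outbox[-1][1])
```

Because the token is looked up, not the address, both the confirm and unsubscribe links are unusable by anyone who only knows a subscriber's email, and a re-submitted address produces exactly the same page as a new one.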
I’m not sure if all of these made a difference, but at least we try our best to protect the subscriber.