Not the same, since if you buy Bitcoin, you don't have partial ownership of the machines used to mine and also these machines being used for a singular purpose which you cannot change.
The one-click policy is actually about sending the list-unsubscribe header so the email client can render an opt-out button.
An unsubscribe link in the body of an email can have a confirm step.
In fact if you are serving a B2B audience it is essential that you do, since an increasing number of security services like Barracuda, Fortra, etc. auto-click every link in the email body to check for phishing. If you have one-click unsubscribe links in your email body, those people will be constantly unsubscribed without their knowledge.
To stay CAN-SPAM compliant, the sender MUST NOT require anything else but an email and a single visit to a webpage. A confirmation page is OK but requiring an auth or any other information or steps is simply illegal.
As a rule of thumb, one-click List-Unsubscribe with List-Unsubscribe-Post headers and a plain opt-out page (with confirmation if you risk such security solutions clicking on them, applicable only in B2B as you say) for the unsubscribe link in the email body.
These links should ideally be personalized (i.e. encode recipient’s email/account ID) so the opt-out page would not even require users to put their emails.
And please keep List-Unsubscribe via mailto as well, some clients may not support HTTPS POST.
One of the B2B newsletters I used to help manage costs $25k per year to subscribe to. When email security systems started auto-clicking, we fielded a bunch of angry phone calls before we figured it out.
I know there’s a vocal contingent here on HN that hates all email, but the reality is that email is heavily used for things that people want.
I just learned about the list-unsubscribe header in this article. Is this what allows Gmail to provide its own "Unsubscribe" button on certain emails next to the Subject line?? I've seen this button on certain emails and never knew how they decide when to implement it, or what it does.
That’s indeed what it is. It sends an automatic email to the List-Unsubscribe address, which if implemented correctly per the spec/regulations, authorises an immediate unsubscribe. More secure too because your email address is confirmed by SPF/DKIM. Nobody else with a copy of the email can unsubscribe you via List-Unsubscribe, like how just anyone can click the unsubscribe footer link if you forward it.
Under the BIMI scheme you don't pay Google, but a Certification Authority (only Digicert and Entrust for now) to get a certificate for your company logo, so that Google and other mail providers will display your company logo.
> Under the BIMI scheme you don't pay Google, but a Certification Authority
Thanks for the information. So, if I get it right, the blue checkmark is simply a way to say that Google performed adequate checks?
Why not simply display the logo only for BIMI-certified emails, and drop the checkmark? Or drop any email whose logo isn't certified, as it happens for mails without dkim?
It feels weird that Chrome is dropping the padlock as a marker for https because they believe people confuse it to mean the site is trusted, and at the same time google introduces a checkmark that, inevitably, some people will interpret as a sign that the sender can be trusted.
Another issue, is that logos are much more volatile than domain names, and I don't see a good way to prevent scammers to bimi-register visually confusing logos. So I don't think it's a good idea to emphasize logos to users as a mark of trust in emails.
>Thanks for the information. So, if I get it right, the blue checkmark is simply a way to say that Google performed adequate checks? Why not simply display the logo only for BIMI-certified emails, and drop the checkmark?
Yeah the checkmark is a Google idea, the BIMI standard is only about verifying the logo.
> Another issue, is that logos are much more volatile than domain names, and I don't see a good way to prevent scammers to bimi-register visually confusing logos. So I don't think it's a good idea to emphasize logos to users as a mark of trust in emails.
Well in theory the CA will manually verify that the logo submitted by the company is visually matching a registered trademark by the same company. That's the reason why a VMC certificate is so expensive. But let's see how it goes about that.
Pro can still get around it, as Pro is not actually a consumer edition. To get around it with business editions of Windows you select the option to add the computer to a domain. The domain join process doesn't happen during OOBE, so you're prompted to make a local account. Then you can just carry on without joining a domain.
