
Ask HN: Method for collecting email address on a static site - OldHand2018
Running a static website on a Digital Ocean droplet with all traffic redirected to https using Let’s Encrypt.  If I want to enable visitors to subscribe or unsubscribe from a newsletter while keeping the website entirely static, what are the downsides to this approach:<p>Create an HTML form that collects the email address, with actions of<p><pre><code>   https:&#x2F;&#x2F;example.com&#x2F;subscribe.html?email=johndoe@email.com
   https:&#x2F;&#x2F;example.com&#x2F;unsubscribe.html?email=johndoe@email.com
   https:&#x2F;&#x2F;example.com&#x2F;gpdr.html?email=johndoe@email.com

</code></pre>
My web logs are scheduled to rotate daily and I have a scheduled task that will scp into the server and pull down the log file from the previous day.  I can then just parse the log files locally to maintain my active list of subscribers and respond to gpdr requests.  The email address is encrypted in transit because of the https connection, and I can maintain a very basic server that has only nginx running and only ports 22, 80, and 443 open.  Right?  It’s just a one-person website and I am the only one with access to the logs, which I destroy after a set period of time anyway.
======
core-questions
That's actually a pretty novel approach! Most often, I've seen people use
external services for maillist management when they're trying to go fully
static.

As long as your log parsing is up to snuff, I think it's a neat approach.

------
gus_massa
It's a small(?) security problem because all the intermediate servers can see
the URL and then see the email. It will even be added to the logs of the proxy
or whatever intermediate step has the connection.

