Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

It was, a few years ago Mailchimp and a few other ESP's were subject to major listbombing attacks.

https://wordtothewise.com/2016/08/subscription-bombing-esps-...



Unfortunately nearly every mailing list sends a confirmation email. that's good enough for an initial flood...

A better solution would be "send an email to newsletter@domain.com"! Very surprised this hasn't been implemented


Ah, but then fewer people would "sign up for the newsletter" by failing to toggle the box on the checkout page. Then your list membership growth rate would go down! Can't risk that, no wonder it hasn't been implemented.


Mailchimp turned off double opt-in as the default list behaviour, presumably as a result of this listbombing taking place.

It eliminates the immediate flood from the listbomb attack but does mean the email address now has to opt-out from every list they've been susbcribed to.

https://wordtothewise.com/2017/10/mailchimp-changes-signup-p...




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: