Small change to AUTH link work flow

We just pushed out a small change to the AUTH link work flow. In the past, a user would click the users.dal.net AUTH link and the AUTH request would immediately be processed. There's a fatal flaw in this logic though. Some email providers and antispam/antivirus packages scrape or preview all email links to see if the links are "safe". If an automated process like this previews the AUTH link URL, it'll be as if the user clicked the link and authorized the change. Sometimes the user doesn't want this to happen, like during the email address change process where clicking the first email link will abort the email change.

Effective immediately, we now require all users.dal.net AUTH links to be confirmed in the browser by the user. When they first click the AUTH link, they'll see a message, "Click below to confirm you would like to process an AUTH request for the nick BLAHBLAH." The AUTH request will not be processed until the "Confirm" button is clicked, something that an automated crawler will not do.

Thanks to sps for bringing this to our attention.

--
Ryan Smith <xpsycho@dal.net>
Server Administrator (foxtrot.dal.net) and SRA
The DALnet IRC Network
PGP Fingerprint: 8A27 3349 2B43 D378 6349 8674 F13A D7BA C90E D44E
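The pattern described above, as an added example that is not part of the original post and is not DALnet's code: a minimal WSGI handler where a GET of the emailed link only renders the confirmation page and the state change happens on POST. The `/auth` path, the `token` parameter, the in-memory stores and the helper names are all assumptions made for illustration.

```python
import html
import secrets
from urllib.parse import parse_qs

# Constructed in-memory state for the example (a real service would use a database).
PENDING = {}     # emailed token -> nick awaiting confirmation
PROCESSED = []   # nicks whose AUTH request has actually been carried out

def issue_token(nick):
    """Create the unguessable token that would be embedded in the emailed link."""
    token = secrets.token_urlsafe(16)
    PENDING[token] = nick
    return token

def app(environ, start_response):
    """GET/HEAD only show a confirmation page; only POST performs the AUTH."""
    method = environ["REQUEST_METHOD"]
    token = parse_qs(environ.get("QUERY_STRING", "")).get("token", [""])[0]
    nick = PENDING.get(token)
    if nick is None:
        start_response("404 Not Found", [("Content-Type", "text/plain")])
        return [b"Unknown or already used AUTH link.\n"]
    if method in ("GET", "HEAD"):
        # Safe methods change nothing, so a mail scanner's link preview is harmless.
        page = ("<p>Click below to confirm you would like to process an AUTH "
                f"request for the nick {html.escape(nick)}.</p>"
                f'<form method="post" action="/auth?token={token}">'
                "<button>Confirm</button></form>")
        start_response("200 OK", [("Content-Type", "text/html"),
                                  ("Cache-Control", "no-store")])
        return [page.encode()]
    if method == "POST":
        # The token is single use: consume it before acting on the request.
        del PENDING[token]
        PROCESSED.append(nick)
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"AUTH request processed.\n"]
    start_response("405 Method Not Allowed", [("Allow", "GET, HEAD, POST")])
    return [b""]

def request(method, token):
    """Drive the app in-process (no network); returns (status, body)."""
    seen = {}
    environ = {"REQUEST_METHOD": method, "QUERY_STRING": f"token={token}"}
    body = b"".join(app(environ, lambda status, headers: seen.update(status=status)))
    return seen["status"], body.decode()
```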