(In reply to Kai Engert (:kaie:) from comment #4)
Bob, let me try to ask you differently:
You said, you have access to the logs of monitor.firefox.com so I conclude you understand how that service works.
The link that you cited looks like a verification link from your service, is that correct?
Is your service creating those links, and sending them out to by email?
If yes, can you please explain what events trigger creation of those links and sending them out?
When a user adds an email address to their Firefox Monitor account/subscription.
You mention "expired tokens". I don't understand how tokens work in the context of monitor.firefox.com
I'm guessing, you are talking about an "email address verification token" that your service created?
Yes, we generate a uuidv4 token for the verification link.
Is my understanding correct, that the following sequence of events could create one log entry in your logs?
- user requests your service
- you send out a verification email with a link containing a verification token
- the user waits until after the token expires
- the user clicks the link
If yes, we know that old emails could be related to triggering those entries.
Yes, this seems like the most likely explanation.
We don't know yet why you'd get many of the same links in your log.
Is my analysis correct?
Yes, you have everything correct.
Is it possible a thunderbird client may have an extension or plugin that tries to automatically click links?