tags:

views:

514

answers:

5
+8  Q: 

How to add one-click unsubscribe functionality to email newletters?

I'd like to customize the "unsubscribe" links in our email newsletters so that they remove the recipient with a single click. Right now they just point to a generic page where the user has to enter their email address and select the newsletter from which they'd like to unsubscribe.

It seems like this should be pretty straightforward, i.e. just include the email address and newsletter id as url parameters. But when I looked at examples from the lists I subscribe to, many don't include a recognizable address and most appear to be using what looks like guids and/or hashed values in the parameters. From that, I'm guessing that I should be hashing or otherwise encoding some information to prevent malicious abuse of the unsubscribe form.

So my question is really about best practices and not reinventing the wheel. Is there a standard way to handle this sort of functionality? More specifically, are there reasons not to include the recipient's email address as part of the url? This seems just simple enough that it feels like I'm overlooking something.

+6  A: 

You can encode a URL like so:

http://yourserver.com/unsubscribe/<encoded-email>/<expiration>/<signature>

Where <signature> is something like HMAC(secretkey, "<encoded-email>/<expiration>"). Encoded-email can just be a URL-encoding of the email, or it can be an actually encrypted (AES+CBC+Base64 or similar) version of the email. Using full encryption would seem to be of little use though - since the person receiving this has their own email address anyway.

This signature scheme has the advantage of not needing any database storage, while remaining secure against malicious attempts to unsubscribe someone.

Alternately (or in addition to the above), you can send a confirmation mail out to confirm the user's intent. This avoids problems if the user forwards the email.

bdonlan  2009-08-06 19:38:05
So if I understand, you're basically saying to include emailaddress, and a hash of emailaddress+secretkey in the unsubscribe link; then my unsubscribe web page will rehash emailaddress+secretkey and make sure it matches the hashed value passed to the page. And this prevents abuse because the secretkey value exists only on our server. That makes sense so far, but what's the purpose of <expiration>?
Matt  2009-08-06 20:21:30
@Matt, expiration is to ensure these urls don't need to remain secret forever and a day. :)
bdonlan  2009-08-06 20:23:45
Matt  2009-08-06 20:36:28
I mean, it expires so if it's posted publicly, the window of time in which it can be used to unsubscribe that person is limited. This is mitigated if you use a confirmation mail, of course.
bdonlan  2009-08-06 22:07:09
Got it. I spent some quality time with google and MSDN, and an HMAC looks like just what I wanted but didn't know how to ask for. Thanks again.
Matt  2009-08-07 23:30:48
Here's an example of using HMAC in C#: http://buchananweb.co.uk/security01.aspx
Atømix  2009-12-16 19:14:48
@bdonlan <expiration> - is it encoded DateTime value (like email address)?
kilonet  2010-10-17 21:01:39
Yes, it's an encoded date. Unix time would work well here.
bdonlan  2010-10-18 03:11:01
+2  A: 

If your mailing list software uses old-school best practices, there should be an 'unsubscribe' email address - emailing to that address from the address you want to unsubscribe (possibly with a fixed subject line) generally does the trick (along with sending a confirmation email). In that case, adding a properly formatted 'mailto' link should do the trick.

Harper Shelby  2009-08-06 19:40:30
I like this approach, but I'm dealing with an existing code-base and architecture that makes it easier to go the web-based route.
Matt  2009-08-06 20:24:33
+1  A: 

Two reasons for not having a plain text email address in the query the in the URL are that you don't want malicious users unsubscribing your customers from your mailing list.

The second which probably would only affect companies sending millions of e-mails, is to make it harder for spammers to 'sniff' for genuine email addresses.

Phil Carter  2009-08-06 19:45:19
A: 

It's not safe to embed email addresses in a newsletter. Not sure about yours but many newsletters ended up in some archive on the web. There are spam bots specifically designed to harvest addresses from mailing list archives.

Email is a safer technology for this. Setup a mail account for unsubscribe and get Email address from mail headers. If you use any mailing list software, it should handle this already.

ZZ Coder  2009-08-06 19:46:09
A: 

I give each email I send an ID, then look up the email ID when they click unsubscribe.

http://www.foo.com/unsubscribe.asp?ID=1234

And then unsubscribe the email address I sent 1234 to.

Jim  2009-12-15 21:07:35

related questions

I ALMOST understand how email works, but I'm missing something.
Sending Email in .NET Through Gmail
MS hotfix delayed delivery.
How to send email from a program _without_ using a preexisting account?
Email SMTP validator
Maximum length of a MIME Content-Type header field?
If email is not the answer then what is?
Accessing an Exchange Server without Outlook
Recommendations for a .NET component to access an email inbox
Email queueing in php
How do I open the default mail program with a Subject and Body in a cross-platform way?
How do I send a file as an email attachment using Linux command line?
Read from .msg files
What was your biggest mistake involving programmatically sending email?
Good email service for bulk emailing
parsing raw email in php
Is there any wiki engine that supports page creation by email?
Sending emails without looking like spam
What's in your .procmailrc
Why won't Entourage work with Exchange 2007?
Can I use JavaScript to create a client side email?
E-mail Notifications
Is a "Confirm Email" input good practice when user changes email address?
MAPI and managed code experiences?
How do you make sure email you send programmatically is not automatically marked as spam?