tags:

views:

44

answers:

2
+1  Q: 

how to generate link for unsubscribing from email

I have a simple rails app where user can send a mass email to 10+ people. In this email I'd like to always have a link at the bottom which the end user can click to unsubscribe himself from the notifications. I don't have much idea how I should tackle this.

can there be just a generic link in the email which users click then enter their email address to unsubscribe themselves? But problem with this is that some other user could unsubscribe someone else.

I would like to generate a specific unique link for each email so that when user clicks it, it automatically removes that user from the list rather than user having to do some extra work.

Where should I start in order to implement this?

A: 

Your unsubscribe links could look like this: http://host/application/[email protected]&token=598bbdf39bc8f27b07fe85b6a7dd8decef641605

Generate the token using the email address and a magic token. Ideally, you'd use HMAC with SHA256, but even just sha1 should be 'good enough':

$ echo "secret token [email protected]" | sha1sum
598bbdf39bc8f27b07fe85b6a7dd8decef641605  -

The secret token portion would be fixed in your application, and the [email protected] needs to match the email address.

Of course, if the secret token ever gets revealed, you're back to anyone unsubscribing everyone. You could also store per-user magic tokens in your database to validate the tokens in URLs, that wouldn't be much more difficult than this, and definitely much safer.

sarnold  2010-08-02 11:33:47
I like this idea. but few questions. How do I generate that token from inside rails? and that token will be associated with each person who gets the email right? (a new column in DB). So when user clicks to unsubscribe, my rails code reads the token....does lookup on table and unsubscribes if it finds a person with that token
Patrick  2010-08-02 11:45:28
@Patrick, [Jesse's](http://stackoverflow.com/users/363881/jesse-wolgamott) answer includes `SecureRandom`, which sounds like a great source for magic tokens. You could either store the token in your User model or create a new table with just user id and unsubscribe tokens, and populate it as you send emails.
sarnold  2010-08-02 23:36:30
+1  A: 

If you have a model for EmailTemplate and a model for Subscriber, then your code might look something like:

@email_template = EmailTemplate.find(3)
@email_template.subscribers.each do |subscriber|
  Notifier.deliver_template(:email_template=>@email_template, :subscriber=>subscriber)
end

so, you could change to

email_delivery = EmailDelivery.create(:email_template=>@email_template, :subscriber=>subscriber)
Notifier.deliver_template(email_delivery)

And then the email_delivery's before_create generates a token. A random password generator per email_delivery should be good. SecureRandom does a good job at random tokens: p SecureRandom.hex(10) #=> "52750b30ffbc7de3b362"

Include that email_delivery token in your email, and then do a lookup based solely on that.

Jesse Wolgamott  2010-08-02 11:40:15
I have not made the controllers/models yet but I will try your approach as well.
Patrick  2010-08-02 11:54:05

related questions

I ALMOST understand how email works, but I'm missing something.
Sending Email in .NET Through Gmail
MS hotfix delayed delivery.
How to send email from a program _without_ using a preexisting account?
Email SMTP validator
Maximum length of a MIME Content-Type header field?
If email is not the answer then what is?
Accessing an Exchange Server without Outlook
Recommendations for a .NET component to access an email inbox
Email queueing in php
How do I open the default mail program with a Subject and Body in a cross-platform way?
How do I send a file as an email attachment using Linux command line?
Read from .msg files
What was your biggest mistake involving programmatically sending email?
Good email service for bulk emailing
parsing raw email in php
Is there any wiki engine that supports page creation by email?
Sending emails without looking like spam
What's in your .procmailrc
Why won't Entourage work with Exchange 2007?
Can I use JavaScript to create a client side email?
E-mail Notifications
Is a "Confirm Email" input good practice when user changes email address?
MAPI and managed code experiences?
How do you make sure email you send programmatically is not automatically marked as spam?