How to add one-click unsubscribe functionality to email newsletters?

送分小仙女 submitted on 2019-11-28 17:17:29

You can encode a URL like so:

http://yourserver.com/unsubscribe/<encoded-email>/<expiration>/<signature>

Where <signature> is something like HMAC(secretkey, "<encoded-email>/<expiration>"). Encoded-email can just be a URL-encoding of the email, or it can be an actually encrypted (AES+CBC+Base64 or similar) version of the email. Using full encryption would seem to be of little use though - since the person receiving this has their own email address anyway.

This signature scheme has the advantage of not needing any database storage, while remaining secure against malicious attempts to unsubscribe someone.

Alternately (or in addition to the above), you can send a confirmation mail out to confirm the user's intent. This avoids problems if the user forwards the email.

If your mailing list software uses old-school best practices, there should be an 'unsubscribe' email address - emailing to that address from the address you want to unsubscribe (possibly with a fixed subject line) generally does the trick (along with sending a confirmation email). In that case, adding a properly formatted 'mailto' link should do the trick.
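The signed-URL scheme from the answer above, as an added Python example that is not part of the original post: the signature covers both the URL-encoded address and the expiration, is checked with a constant-time comparison, and a tampered or expired link is rejected. The secret key, base URL and address are constructed placeholders.

```python
import base64
import hashlib
import hmac
import time
from typing import Optional
from urllib.parse import quote, unquote

# Constructed placeholders: load the real key from configuration, never embed it in code.
SECRET_KEY = b"constructed-example-secret-do-not-reuse"
BASE_URL = "https://yourserver.com/unsubscribe"


def _sign(encoded_email: str, expiration: int) -> str:
    # HMAC over "<encoded-email>/<expiration>" so neither segment can be changed alone.
    msg = f"{encoded_email}/{expiration}".encode()
    digest = hmac.new(SECRET_KEY, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def build_unsubscribe_url(email: str, ttl_seconds: int = 30 * 24 * 3600,
                          now: Optional[int] = None) -> str:
    now = int(time.time()) if now is None else now
    encoded_email = quote(email, safe="")  # '@' and '/' become %XX, so the address is one path segment
    expiration = now + ttl_seconds
    return f"{BASE_URL}/{encoded_email}/{expiration}/{_sign(encoded_email, expiration)}"


def verify_unsubscribe_url(url: str, now: Optional[int] = None) -> Optional[str]:
    """Return the email address if the link is authentic and unexpired, otherwise None."""
    now = int(time.time()) if now is None else now
    if not url.startswith(BASE_URL + "/"):
        return None
    parts = url[len(BASE_URL) + 1:].split("/")
    if len(parts) != 3:
        return None
    encoded_email, exp_str, signature = parts
    if not exp_str.isdigit():
        return None
    expiration = int(exp_str)
    # compare_digest runs in constant time, so a forger cannot learn the MAC byte by byte via timing.
    if not hmac.compare_digest(signature, _sign(encoded_email, expiration)):
        return None
    if now > expiration:
        return None
    return unquote(encoded_email)
```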

There are two reasons for not having a plain-text email address in the query string of the URL. The first is that you don't want malicious users unsubscribing your customers from your mailing list.

The second, which probably would only affect companies sending millions of e-mails, is to make it harder for spammers to 'sniff' for genuine email addresses.

It's not safe to embed email addresses in a newsletter. Not sure about yours, but many newsletters end up in some archive on the web. There are spam bots specifically designed to harvest addresses from mailing list archives.

Email is a safer technology for this. Set up a mail account for unsubscribe and get the email address from the mail headers. If you use any mailing list software, it should handle this already.

sahar aghakasiri

I have used a somewhat simple method in a web application, but I'm not sure if it is efficient and secure enough for other web apps' purposes.

In my app, when the user clicks on the unsubscribe link, I forward them to a page on my server with a query string which is a combination of the user's email address and its unique id in my DB (both encrypted, preferably).

Then in the page load function of my page, first I decrypt the email address, and then I check to see if the email address exists in my DB; if the answer is TRUE, I check if the ID and the email address are related, and finally I remove the user according to other criteria.

I think it would do the job without any extra data entry to the DB.

Now I'm looking for a way to find out if the person who has clicked the link is the first-hand person who I have sent the email to, or whether the email has been forwarded to him/her, so that no one other than the real user can (at least easily) unsubscribe him/her!

[Asking for a security question before finalizing the unsubscribing process is one thing that I have thought about so far]

I assign a unique 32-character identifier string (with MySQL: MD5(UUID())) to each e-mail address and only submit that identifier in the unsubscribe link.

I give each email I send an ID, then look up the email ID when they click unsubscribe.

http://www.foo.com/unsubscribe.asp?ID=1234

And then unsubscribe the email address I sent 1234 to.
