How to add one-click unsubscribe functionality to email newletters?

Question

I\'d like to customize the \"unsubscribe\" links in our email newsletters so that they remove the recipient with a single click. Right now they just point to a generic page

Answer 1

You can encode a URL like so:

http://yourserver.com/unsubscribe///

Where is something like HMAC(secretkey, "/"). Encoded-email can just be a URL-encoding of the email, or it can be an actually encrypted (AES+CBC+Base64 or similar) version of the email. Using full encryption would seem to be of little use though - since the person receiving this has their own email address anyway.

This signature scheme has the advantage of not needing any database storage, while remaining secure against malicious attempts to unsubscribe someone.

Alternately (or in addition to the above), you can send a confirmation mail out to confirm the user's intent. This avoids problems if the user forwards the email.