We send out mail to 70,000+ members of our organisation. In theory they know they're getting it cos they're advised when they join the organisation that we'll send the email… yes, I know that implicit opt-ins aren't best practice… I want to polish up our email unsubscribe flow since the amount of mail we send out is steadily climbing as we move from paper to email for more things.
So first idea… you click a link = you get unsubscribed…
http://unsubscribe.somewhere.co.uk/12345
where 12345 is your user id.
Except someone malicious could
for (i = 0; i < 1000000000; i++)
{
    $.get('http://unsubscribe.somewhere.co.uk/' + i);
}
and unsubscribe every member.
No, it isn't that likely since this is for a climbing organisation, but it's an avoidable risk!
Alright, we don't need to make it into
http://unsubscribe.somewhere.co.uk/{encrypted_something}
I think that would be overkill so let's
http://unsubscribe.somewhere.co.uk/email_address
That way, although you could sit and guess the email addresses of members to unsubscribe them, at least it is harder and the URLs are readable.
Except the HTTP RFC says that a GET request should be safe and idempotent.
In short someone clicking a link can get information from the database but shouldn't update information.
The problem is that I think that is counter-intuitive. I know I don't click links hoping that the actions carried out are idempotent. I click a link expecting something to happen and if we confound a user's expectations then we get to do the same job at least one more time… and I'm lazy - so that isn't a solution for me.
But what is the solution, since people are not going to want to spend time reading the page? How do I make what someone sees work well?
I'm a Google fanboy, so what do they say?
Unsubscribing
A user must be able to unsubscribe from your mailing list through one of the following means:
1) A prominent link in the body of an email leading users to a page confirming his or her unsubscription (no input from the user, other than confirmation, should be required).
2) By replying to your email with an unsubscribe request.
So I think that we're going to shufty this all-around a bit.
Two types of mailings = two types of link
unsubscribe.somewhere.co.uk/areas/email@person.com
unsubscribe.somewhere.co.uk/monthly/email@person.com
When you hit the page you can click a big button to confirm the action (which ajax-ily updates your displayed state and we can track how many people hit the page without doing anything).
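One way to build the flow settled on above, as an added example rather than the site's own code: GET only reports state for the confirmation page and the button's POST does the unsubscribe. It goes a step beyond the post by adding an HMAC tag over the list name and address to the link so it cannot be guessed; `SECRET`, the in-memory `subscribed` set and `handle()` are assumptions made for illustration.

```javascript
// Added example, not the site's code. SECRET, the in-memory `subscribed`
// set and handle() are assumptions made for illustration.
const crypto = require('crypto');

const SECRET = 'constructed-demo-key';          // in practice: load from config
const LISTS = new Set(['areas', 'monthly']);    // the two mailing types
const subscribed = new Set(['areas|email@person.com', 'monthly|email@person.com']);

// Tag binds the list AND the address, so a link for one cannot be reused for another.
function sign(list, email) {
  return crypto.createHmac('sha256', SECRET)
    .update(`${list}\n${email.toLowerCase()}`).digest('hex');
}

function unsubscribeLink(list, email) {
  return `/${list}/${encodeURIComponent(email)}/${sign(list, email)}`;
}

function validTag(list, email, tag) {
  const want = Buffer.from(sign(list, email));
  const got = Buffer.from(String(tag));
  // timingSafeEqual throws on length mismatch, so compare lengths first.
  return got.length === want.length && crypto.timingSafeEqual(got, want);
}

// GET is safe: it only reports state for the confirmation page.
// POST (the big button) is the only method that changes anything.
function handle(method, path) {
  const [list, rawEmail, tag] = path.split('/').slice(1);
  let email;
  try { email = decodeURIComponent(rawEmail || '').toLowerCase(); }
  catch (e) { return { status: 400 }; }
  if (!LISTS.has(list) || !email) return { status: 404 };
  if (!validTag(list, email, tag)) return { status: 403 };
  const key = `${list}|${email}`;
  if (method === 'GET') return { status: 200, subscribed: subscribed.has(key) };
  if (method === 'POST') {
    subscribed.delete(key);                     // idempotent: repeat POSTs are harmless
    return { status: 200, subscribed: false };
  }
  return { status: 405 };
}
```

Mail scanners and link prefetchers that follow the link only ever issue the GET, so they land on the confirmation page without unsubscribing anyone.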