0

I want to do a mailshot to an existing mailing list. I want to include an Unsubscribe link in the email which, when clicked by the recipient, will request a URL to a script on my server which will process the unsubscribe request. When a recipient receives an email containing the unsubscribe link and clicks on the link, I want to pull the email address from the "To:" box of the email and pass it as a parameter to the script URL, i.e.

Unsubscribe

How do I do this?

Ian Ryan

1 Answer

1

I would do this server-side rather than client-side. One decent approach is to generate a random guid on your server for each email recipient. Then either generate a URL for each recipient containing their random guid, or use the guid as a URL parameter. When a recipient clicks on the email link to unsubscribe, you can use the guid to perform the "unsubscribe" action in your database for that recipient.

The use of a guid makes it impossible for an attacker to unsubscribe specific recipients. It also makes it very difficult for an attacker to unsubscribe random recipients because the guid search space is so large.

Clearly this only works if you can generate a customised unsubscribe link in each email. We probably need more info about your environment.

HTTP 410
  • This is how I am doing it, but if the email is forwarded to someone else, they can click on this link and unsubscribe/change preferences for the original recipient. There must be a better way to do it – AL̲̳I May 31 '18 at 11:30
  • @AL̲̳I, I suggest you raise a separate question for your specific case. – HTTP 410 Jun 04 '18 at 13:26
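
The per-recipient token approach from the answer above, as an added example that is not part of the original thread. It uses a 256-bit token from Python's `secrets` module in place of a GUID; the `example.com` endpoint, the `t` parameter name, the table layout and all function names are assumptions made for illustration.

```python
import secrets
import sqlite3
from urllib.parse import urlencode, urlparse, parse_qs

BASE_URL = "https://example.com/unsubscribe"  # assumed endpoint, not from the question

def init_db(conn):
    conn.execute(
        "CREATE TABLE recipients ("
        " email TEXT PRIMARY KEY,"
        " token TEXT UNIQUE NOT NULL,"
        " subscribed INTEGER NOT NULL DEFAULT 1)"
    )

def add_recipient(conn, email):
    """Store a recipient with a fresh unguessable token and return the token."""
    token = secrets.token_urlsafe(32)  # 32 bytes from the OS CSPRNG
    conn.execute("INSERT INTO recipients (email, token) VALUES (?, ?)", (email, token))
    conn.commit()
    return token

def unsubscribe_url(token):
    """Per-recipient link for the email body; the address never appears in it."""
    return BASE_URL + "?" + urlencode({"t": token})

def handle_unsubscribe(conn, url):
    """Server side of the click: look the token up and clear the flag.
    Returns True if the token belongs to a recipient (repeat clicks included),
    False for a missing or unknown token."""
    token = parse_qs(urlparse(url).query).get("t", [""])[0]
    cur = conn.execute("UPDATE recipients SET subscribed = 0 WHERE token = ?", (token,))
    conn.commit()
    return cur.rowcount == 1

def is_subscribed(conn, email):
    row = conn.execute("SELECT subscribed FROM recipients WHERE email = ?", (email,)).fetchone()
    return bool(row and row[0])

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    init_db(db)
    # Constructed sample addresses
    link = unsubscribe_url(add_recipient(db, "alice@example.com"))
    add_recipient(db, "bob@example.com")
    print(link)
    print(handle_unsubscribe(db, link), is_subscribed(db, "alice@example.com"))
    print(handle_unsubscribe(db, BASE_URL + "?t=guess"), is_subscribed(db, "bob@example.com"))
```
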