Our WebApp allows members to send emails to other members and non-members for collaboration. Because I don't want to spam anyone, each mail to a non-member contains a link to opt out of further mails. (Members can manage their mail preferences from within the app.)
I wanted to respect the opt-out request without storing personally identifiable information such as the email address in our system, which is why I went for a hash-based implementation. Before an email is sent, the recipient is checked against the opt-out list.
My opt-out table consists of the hash of the email address and an undo token:
hash(lowercase($email)), hash($undo_token)
The undo token is sent to the user along with the confirmation of the opt-out, should they change their mind. This token is required to remove an entry from the opt-out table.
However, people seem to delete those mails and we have received several requests that they want back in.
What is a secure, hard to abuse and automated way to undo an opt-out?
The solution should not allow a person to opt-in someone else. I also don't feel like sending emails to an address that is in my opt-out list without being sure it's them.
I am looking especially for links/references to credible and/or official sources. Thank you.