Brian2000

Mailing Lists: A call to hacker-proof unsubscribe links, and make it easy for people to opt-out!

Subtitle: Mailing lists are DEAD. I understand companies spam everyone, but developers are also to blame!

Overview:

So you have a mailing list, and you want to make sure hackers out there don’t sneak in and remove your subscribers. AND, you also want to make sure it’s still quick and easy for a subscriber to remove his/herself? No problem, simply implement unsubscribe keys and keep the process user friendly!

Preliminary: Unsubscribe Keys

Creating account specific unsubscribe keys is an easy way to provide a heightened level of security for the remove/unsubscribe functionality in a mailing list system. Developers can use these keys as an extra required field to authenticate against if a user is trying to unsubscribe from a mailing list. This helps prevent a hacker from flushing everyone out of your list, and doesn’t require a lot of changes to your system.

Implementation: Creating the unsubscribe keys.

Option A. Two fields found in literally every mailing list system out there are the email address and the primary key. You might come across a table that doesn’t have a primary key, though rare this method can still be applied using another field in the table. If you can combine the email address and primary key into a string and then hash it, the resulting string will be difficult to reverse engineer (essentially, a method for predicting possible keys can be made, however no true answer can be found via hashing). After running the hash, the resulting string can be used as the unique unsubscribe key. When creating the keys, I also recommend using a salt to enhance the process, and add an extra level of sophistication to the process. This method can be run each time a user is added to the mailing list. Store these keys in the same table as the email addresses for easy recall or in a separate table (or database) that is only queried for unsubscribing as an extra precaution in case hackers were to gain access to the email table. Option B. Another option is using a function that creates random keys (like a password generator) and either hashing them with the email address or just using the randomly generated key as is. I recommend using "Option A" because it requires very few lines of code to implement, however if you already have a password generator in your system, it may be easier to simply call that function.

The Unsubscribe Action: Make it easy for people to unsubscribe or else!

Unsubscribing needs to be an easy process for everyone! Being able to simply click "unsubscribe" and be done is what separates a good mailing list from the terrible-awful spam mailing lists that populate so much of the internet. Consider this, if someone can easily remove themselves from your mailing list they may consider rejoining in the future. A painful unsubscribe experience is enough to loose a client or customer forever. Plus if people don’t want to read your emails, there is nothing you can to do to change their minds! A bad technique I've come across is the exit Survey. People don’t want to fill out a survey before they unsubscribe, and they certainly do not want to sign in or go through some other long process to remove themselves. If your unsubscribe process takes more than 1 click, people are going to flag your emails as spam instead of bothering with an elaborate set of instructions. Getting flagged as spam is the absolute death of a mailing list! When people begin reporting content as spam, it’s only a matter of time before that email address disappears from everyone’s inbox and is auto-labeled as spam for the masses.

A link is all you need!

At the end of your email provide a link that features the unsubscribe key and email address as URL variables to the unsubscribe page. When the page request processes, your unsubscribe function can check to see if the email address and unsubscribe key are a match. If the two fields match up simply remove the user from your list. Easy as pie! Example Unsubscribe Link: http://www.example.com/unsubscribe.php?email=JohnDoe@Foo.com&key=123456 Note: Users should never need to know their unsubscribe key, and most people that look at the link provided at the end of an email will never know it’s in there (or what it’s for). How many times have you clicked unsubscribe and didn’t think twice?