Inconvenient subscribe/unsubscribe schema for the newsletter/emails #6334

Open
devhindo opened this issue Mar 21, 2025 · 2 comments
@devhindo
Member

I was exploring one of the recent newsletter emails and found that the unsubscription process is inconvenient. Let me explain.

Initially, when subscribing to the newsletter at the end of the page layer5.io, I can simply enter my email and click subscribe. Basically, anyone can subscribe anyone else, even if it's not their own email address. This isn't the best implementation, but it is somewhat convenient for initial signup. However, here's where it becomes inconvenient.

After subscribing and receiving emails, at the end of each email, there's an unsubscription ability:

If you don't wish to receive emails, unsubscribe here - https://layer5.io/unsubscribe

and I visit the public URL and enter my email and then unsubscription is successful.

This link lacks validation to ensure that the person performing the unsubscribe action is actually the owner of the email address.

This is incorrect. For example, I can unsubscribe anyone simply by entering their email address, claiming it's mine. Therefore, it would be more convenient and secure to only allow the owner of the email address to unsubscribe themselves. While allowing anyone to subscribe anyone else is acceptable, if someone else subscribes me, only I should have the ability to unsubscribe myself.

A simple initial implementation would be to generate a random string, perhaps 16 characters long, and make it unique for each email address. Attach this unique string to the unsubscribe link like this: https://layer5.io/unsubscribe/lsajkgdlwoijgsdlkgj. You could then have two scenarios:

Scenario 1: Once the link is opened, the unsubscription occurs immediately.

Scenario 2: A confirmation button is presented. If clicked, then the unsubscription occurs.

On the server side, you would need to associate each unique 16-character string with the corresponding email address that subscribed to the newsletter. This would ensure that only the owner of the email address has the ability to unsubscribe.

@devhindo devhindo added framework/gatsby Gatsby related help wanted Extra attention is needed kind/bug Something isn't working labels Mar 21, 2025
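
A sketch of the per-address unsubscribe token proposed in the issue above, following Scenario 2 (confirmation before the unsubscription happens). This is an added example, not code from the layer5 repository or from either commenter; the function names, the in-memory maps standing in for the subscriber store, and the use of 16 random bytes (22 URL-safe characters) rather than a 16-character string are assumptions.

```javascript
// Added example: names and in-memory storage are assumptions, not project code.
const { randomBytes, createHash } = require("node:crypto");

const subscribers = new Set();   // subscribed addresses (stand-in for the real list)
const tokenIndex = new Map();    // sha256(token) -> email; raw tokens are never stored
const tokenByEmail = new Map();  // email -> sha256(token), so re-subscribing rotates it

const hashToken = (token) => createHash("sha256").update(token).digest("hex");

// Subscribe an address and return the unsubscribe link to embed in its emails.
function subscribe(email) {
  const addr = email.trim().toLowerCase();
  subscribers.add(addr);
  const previous = tokenByEmail.get(addr);
  if (previous) tokenIndex.delete(previous);            // invalidate any older link
  const token = randomBytes(16).toString("base64url");  // 128 bits from the CSPRNG
  const digest = hashToken(token);
  tokenIndex.set(digest, addr);
  tokenByEmail.set(addr, digest);
  return `https://layer5.io/unsubscribe/${token}`;
}

// Map a token from the URL back to its address, or null if unknown or malformed.
function resolveToken(token) {
  if (typeof token !== "string" || !/^[A-Za-z0-9_-]{22}$/.test(token)) return null;
  return tokenIndex.get(hashToken(token)) ?? null;
}

// GET /unsubscribe/:token -> only renders the confirmation button (Scenario 2),
// so automated link fetchers that open the URL do not unsubscribe anyone.
function showConfirmation(token) {
  return resolveToken(token) ? { status: 200, action: "confirm" } : { status: 404 };
}

// POST /unsubscribe/:token -> performs the unsubscription and retires the token.
function confirmUnsubscribe(token) {
  const addr = resolveToken(token);
  if (!addr) return { status: 404 };
  subscribers.delete(addr);
  tokenIndex.delete(tokenByEmail.get(addr));
  tokenByEmail.delete(addr);
  return { status: 200, unsubscribed: true };
}
```

Neither handler takes an email address as input or echoes one back, so the endpoint cannot be used to unsubscribe an address by typing it in or to probe which addresses are subscribed.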
@ChayanDass

@devhindo, I would love to work on this. Can you assign me this issue?

@devhindo
Member Author

go for it @ChayanDass
