Fri Aug 05 2011

How to design an unsubscribe link?!?

in: HTTP

We send out mail to 70,000+ members of our organisation. In theory they know they're getting it cos they're advised when they join the organisation that we'll send the email… yes, I know that implicit opt-ins aren't best practice… I want to polish up our email unsubscribe flow since the amount of mail we send out is steadily climbing as we move from paper to email for more things.

So first idea… you click a link = you get unsubscribed…

http://unsubscribe.somewhere.co.uk/123435

where 12345 is your user id.

Except someone malicious could

 for(i=0;i<1000000000;i++)
 {
 	$.get('http://unsubscribe.somewhere.co.uk/'+i);
 }

and unsubscribe every member.

No, it isn't that likely since this is for a climbing organisation but, it's an avoidable risk!

Alright, we don't need to make it into

http://unsubscribe.somewhere.co.uk/{encrypted_something}

I think that would be overkill so let's

http://unsubscribe.somewhere.co.uk/email_address

That way although you could sit and guess the email addresses of members to unsubscribe them at least it is harder and the urls are readable

Except the HTTP RFC says that a GET request should be idempotent.

not sure if meme is appropriate or you should feel bad

"Idempotence is the property of certain operations in mathematics and computer science, that they can be applied multiple times without changing the result."

In short someone clicking a link can get information from the database but shouldn't update information.

The problem is that I think that is counter-intuitive. I know I don't click links hoping that the actions carried out are idempotent. I click a link expecting something to happen and if we confound a user's expectations then we get to do the same job at least one more time… and I'm lazy - so that isn't a solution for me

But what is the solution since people are not going to want to spend time reading the page. How do I make what someone sees work well?

I'm a google fanboy so what do they say

Unsubscribing</span>
A user must be able to unsubscribe from your mailing list through one of the following means:

  1. A prominent link in the body of an email leading users to a page confirming his or her unsubscription (no input from the user, other than confirmation, should be required).
    2) By replying to your email with an unsubscribe request.

So I think that we're going to shufty this all-around a bit.

Two types of mailings = two types of link

unsubscribe.somewhere.co.uk/areas/email@person.com
unsubscribe.somewhere.co.uk/monthly/email@person.com

When you hit the page you can click a big button to confirm the action (which ajax-ily updates your displayed state and we can track how many people hit the page without doing anything).

mockup of UI

More like this...