Inconvenient subscribe/unsubscribe schema for the newsletter/emails
I was exploring one of the recent newsletter emails and found that the unsubscription process is inconvenient. Let me explain.
Initially, when subscribing to the newsletter at the end of the page layer5.io, I can simply enter my email and click subscribe. Basically, anyone can subscribe anyone else, even if it's not their own email address. This isn't the best implementation, but it is somewhat convenient for initial signup. However, here's where it becomes inconvenient.
After subscribing and receiving emails, at the end of each email, there's an unsubscription ability:
If you don't wish to receive emails, unsubscribe here - https://layer5.io/unsubscribe
and I visit the public URL and enter my email and then unsubscription is successful.
This link lacks validation to ensure that the person performing the unsubscribe action is actually the owner of the email address.
This is incorrect. For example, I can unsubscribe anyone simply by entering their email address, claiming it's mine. Therefore, it would be more convenient and secure to only allow the owner of the email address to unsubscribe themselves. While allowing anyone to subscribe anyone else is acceptable, if someone else subscribes me, only I should have the ability to unsubscribe myself.
A simple initial implementation would be to generate a random string, perhaps 16 characters long, and make it unique for each email address. Attach this unique string to the unsubscribe link like this: https://layer5.io/unsubscribe/lsajkgdlwoijgsdlkgj. You could then have two scenarios:
Scenario 1: Once the link is opened, the unsubscription occurs immediately.
Scenario 2: A confirmation button is presented. If clicked, then the unsubscription occurs.
On the server side, you would need to associate each unique 16-character string with the corresponding email address that subscribed to the newsletter. This would ensure that only the owner of the email address has the ability to unsubscribe.
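A sketch of the token scheme proposed above, using Scenario 2 (confirmation before the state change). This is an added example, not code from the issue or from the Layer5 code base. The function names, the in-memory `Map` standing in for the subscriber table, and the choice of 16 random bytes (22 URL-safe characters) instead of a 16-character string are assumptions.

```javascript
// Added example: per-subscriber unsubscribe tokens. All names are hypothetical.
const crypto = require("node:crypto");

// Stand-in for the subscriber table (assumption): sha256(token) -> email.
const emailByTokenHash = new Map();
const subscribed = new Set();

const sha256 = (s) => crypto.createHash("sha256").update(String(s)).digest("hex");

// Subscribe an address and return the link to place in each email footer.
function subscribe(email) {
  // Drop any earlier token for this address so only one link stays valid.
  for (const [hash, addr] of emailByTokenHash) {
    if (addr === email) emailByTokenHash.delete(hash);
  }
  // 16 bytes from the CSPRNG; Math.random() would be guessable.
  const token = crypto.randomBytes(16).toString("base64url");
  // Store only the hash, so a leaked table cannot be replayed as links.
  emailByTokenHash.set(sha256(token), email);
  subscribed.add(email);
  return `https://layer5.io/unsubscribe/${token}`;
}

// GET /unsubscribe/:token only renders the confirmation button.
// Mail scanners and link previews issue GETs, so GET must not change state.
function handleGet(token) {
  return emailByTokenHash.has(sha256(token))
    ? { status: 200, body: "confirm" }
    : { status: 404 };
}

// POST /unsubscribe/:token performs the unsubscription. The email address is
// never taken from the request, only looked up from the token.
function handlePost(token) {
  const hash = sha256(token);
  const email = emailByTokenHash.get(hash);
  if (!email) return { status: 404 };
  emailByTokenHash.delete(hash); // single use
  subscribed.delete(email);
  return { status: 200 };
}
```

With Scenario 1 the unsubscription would happen inside `handleGet`, which means any automated fetch of the link would also unsubscribe the recipient.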
@devhindo, I would love to work on this. Can you assign me this issue?
go for it @ChayanDass
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
I would like to work on this issue @devhindo
@alokdangre go for it
@devhindo I have some queries