如何添加一键取消订阅功能来发送电子邮件？ [英] How to add one-click unsubscribe functionality to email newletters?

问题描述

我想在我们的电子邮件通讯中自定义取消订阅链接，以便通过一次点击删除收件人。现在，他们只是指向一个通用页面，用户必须输入他们的电子邮件地址，并选择他们想取消订阅的通讯。

I'd like to customize the "unsubscribe" links in our email newsletters so that they remove the recipient with a single click. Right now they just point to a generic page where the user has to enter their email address and select the newsletter from which they'd like to unsubscribe.

看起来像这样应该非常简单，即只需将电子邮件地址和通讯ID作为url参数。但是当我看到我订阅的列表中的例子时，很多都不包含一个可识别的地址，并且大多数人似乎在使用参数中的guids和/或hash值。因此，我猜测我应该是哈希或其他编码的一些信息，以防止恶意滥用退订的形式。

It seems like this should be pretty straightforward, i.e. just include the email address and newsletter id as url parameters. But when I looked at examples from the lists I subscribe to, many don't include a recognizable address and most appear to be using what looks like guids and/or hashed values in the parameters. From that, I'm guessing that I should be hashing or otherwise encoding some information to prevent malicious abuse of the unsubscribe form.

所以我的问题是真正的最佳做法和不能重新发明轮子。有没有一种标准的方式来处理这种功能？更具体地说，是否有理由不将收件人的电子邮件地址作为URL的一部分？

So my question is really about best practices and not reinventing the wheel. Is there a standard way to handle this sort of functionality? More specifically, are there reasons not to include the recipient's email address as part of the url? This seems just simple enough that it feels like I'm overlooking something.

推荐答案

你可以像这样编码一个URL： p>

You can encode a URL like so:

http://yourserver.com/unsubscribe/<encoded-email>/<expiration>/<signature>

其中<签名> HMAC（secretkey，< encoded-email> /< expiration>）。编码电子邮件只能是电子邮件的URL编码，也可以是电子邮件的实际加密（AES + CBC + Base64或类似）版本。使用完整的加密似乎没有什么用，但是由于接收到这个密码的人有自己的电子邮件地址。

Where <signature> is something like HMAC(secretkey, "<encoded-email>/<expiration>"). Encoded-email can just be a URL-encoding of the email, or it can be an actually encrypted (AES+CBC+Base64 or similar) version of the email. Using full encryption would seem to be of little use though - since the person receiving this has their own email address anyway.

此签名方案的优点是不需要任何数据库存储，同时保持安全，防止恶意尝试取消订阅某人。

This signature scheme has the advantage of not needing any database storage, while remaining secure against malicious attempts to unsubscribe someone.

另外（或除了上述内容）之外，您可以发送确认邮件以确认用户的意图。如果用户转发电子邮件，则可以避免问题。

Alternately (or in addition to the above), you can send a confirmation mail out to confirm the user's intent. This avoids problems if the user forwards the email.

这篇关于如何添加一键取消订阅功能来发送电子邮件？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！