If you're like me, you're probably subscribed to a select number of quality newsletters, each delivering you a fresh batch of hand-picked curated content straight to your inbox on a timely basis.
Here are a few of my favorites:
- Node Weekly
- HTML5 Weekly
- Android Weekly
- Scotch.io Newsletter
Have you ever forwarded a newsletter issue to a friend or colleague because it contained something intriguing? Maybe your friend or colleague didn't feel the same and decided to click the "Unsubscribe" button at the bottom of the e-mail, forgetting that they weren't the ones that subscribed to the newsletter.
This will lead to a situation I refer to as "silent unintentional unsubscribe".
Silent Unintentional Unsubscribe
In most cases, newsletters will make it possible for anyone who gets their hands on the "Unsubscribe" link to unsubscribe the intended newsletter recipient from future e-mails without any identity verification.
There are several things wrong with this type of "trusted hyperlink" unsubscribe mechanism:
- It doesn't ask for your e-mail address in order to unsubscribe you (the unsubscribe links usually contain a unique hash that is linked to the recipient e-mail address internally)
- It doesn't send you an "Unsubscribe Successful" e-mail to let you know you (or someone else) unsubscribed you
- Sometimes it doesn't even ask you to confirm the action with an additional confirmation screen, making it very easy to unsubscribe accidentally, and much harder to re-subscribe as you dig through the website's settings to find the e-mail notification preferences. Also, your e-mail provider's spam filter mechanism might crawl the unsubscribe link for spam-detection purposes, silently unsubscribing you in the process
This one-click unsubscribe mechanism puts your subscribers at risk of silent unintentional unsubscribe. They'll be left confused as to why they no longer receive your newsletters. Usually, they won't even notice it's missing until after a few months pass by.
How can we avoid silent unintentional unsubscribe?
- Ask for the target e-mail - avoid generating a hash that is internally linked to the user's e-mail; simply ask the user to input their e-mail address to avoid any mix-ups
- Send verification e-mails - send an e-mail to the target e-mail address in order to complete the unsubscribe process - otherwise, do not unsubscribe the user
- Send "success" confirmation e-mails - send an e-mail to the target e-mail address when he/she has been unsubscribed successfully
Implementing these safeguards will render silent unintentional unsubscribes extinct forever.
If you think your users would be annoyed with having to click a link in the verification e-mail, no problem – when your users first subscribe to the newsletter, generate a unique hash, store it in your database along with the user's e-mail, and send it to the user to store in a cookie, e.g. unsubscribe_verification_hash. When the user returns to the site to unsubscribe, validate the unsubscribe_verification_hash to see if it matches the value in your database.
If it doesn't, or if it's missing (if the user cleared their cookies or switched to a different computer), no problem, just send the verification e-mail as you normally would.
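The flow described above, sketched as an added example (not code from the original post): a matching unsubscribe_verification_hash cookie unsubscribes immediately, anything else falls back to a verification e-mail, and every completed unsubscribe sends a confirmation. The Newsletter class, its in-memory dictionaries, the outbox list standing in for a mail sender, and the choice to store only a SHA-256 digest of each token are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def _digest(token):
    # Assumption: keep only a digest, so a leaked table does not yield usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()

class Newsletter:
    """Hypothetical in-memory stand-in for the subscriber table and mail sender."""

    def __init__(self):
        self.subscribers = {}  # email -> digest of unsubscribe_verification_hash
        self.pending = {}      # email -> digest of one-time token sent by e-mail
        self.outbox = []       # (recipient, kind, token) instead of real e-mails

    def subscribe(self, email):
        token = secrets.token_urlsafe(32)
        self.subscribers[email] = _digest(token)
        return token  # caller sets this as the unsubscribe_verification_hash cookie

    def request_unsubscribe(self, email, cookie=None):
        stored = self.subscribers.get(email)
        if stored is None:
            # Same reply as the e-mail path, so the form does not reveal who is subscribed.
            return "verification_sent"
        if cookie and hmac.compare_digest(_digest(cookie), stored):
            return self._finish(email)  # cookie proves this browser subscribed
        # Cookie missing or wrong: require a click from the target inbox.
        token = secrets.token_urlsafe(32)
        self.pending[email] = _digest(token)
        self.outbox.append((email, "verify", token))
        return "verification_sent"

    def confirm_unsubscribe(self, email, token):
        expected = self.pending.get(email)
        if expected is None or not hmac.compare_digest(_digest(token), expected):
            return "rejected"
        return self._finish(email)

    def _finish(self, email):
        self.subscribers.pop(email, None)
        self.pending.pop(email, None)
        # "Success" e-mail, so the subscriber always learns they were unsubscribed.
        self.outbox.append((email, "unsubscribed", None))
        return "unsubscribed"
```
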
If you operate a newsletter, please implement these verifications in your unsubscribe mechanism. You'll keep more subscribers that way, and avoid confusion due to silent unsubscribes.