Preventing Unsubscribes in Forwarded Emails(litmus.com) |
Preventing Unsubscribes in Forwarded Emails(litmus.com) |
It's an edge case that someone will unsubscribe from someone else's mailing list or click it by mistake, so making every single person (99% who are unsubscribing on purpose) confirm, log in, enter their address or receive a confirmation is an infuriating waste of time.
The best way to mitigate this is a simple "You unsubscribed whatever@gmail.com", with a little undo button in case it was a mistake.
And if all this still goes wrong... if the person liked your newsletter enough, they'll figure out what happened when they stop getting it.
(Side note: I've really been hoping GMail and other clients would accept a URL in email headers that would handle unsubscribe, so they could add a button to the UI. I know that's oversimplifying everything, but it would significantly improve the email experience.)
If you are in the USA, it is also illegal. The CAN-SPAM Act[0] specifies that you can't ask the user for more than their email address[1]:
> "You can’t charge a fee, require the recipient to give you any personally identifying information beyond an email address, or make the recipient take any step other than sending a reply email or visiting a single page on an Internet website as a condition for honoring an opt-out request."
See also previous thread on HN[2]
[0] http://en.wikipedia.org/wiki/CAN-SPAM_Act_of_2003
[1] Point 6: http://business.ftc.gov/documents/bus61-can-spam-act-complia...
Appears to work with Outlook.com/Hotmail, and Gmail. Not sure about Yahoo, but those two alone cover a pretty big group.
Not necessarily, unfortunately. As an example, take emails advertising pre-sale tickets to events, sent to people who have signed up specifically to have access to buy tickets before the general public.
If their friend is able to unsubscribe them, they don't get the email and miss the pre-sale access. Even if they do realise and resubscribe, there's a good chance they'll have missed the pre-sale period anyway (which only lasts a few days).
That's one of many examples that make "not to worry they'll just resubscribe" not quite work properly.
> The best way to mitigate this is a simple "You unsubscribed whatever@gmail.com", with a little undo button in case it was a mistake.
In addition to this, it's worth putting "This email was sent to whatever@gmail.com, unsubscribe by clicking here" in the email.
Eg, "I hate your political ideology. I'll unsubscribe you from the site you forwarded me an article from."
I'm sure that kind of threat is minimal and easily corrected, but the OP's suggestion of hiding it somewhat addresses that. It doesn't eliminate the threat of course, but it doesn't put it under their nose.
GMail offers to unsubscribe you if you mark something as spam and it's able to detect how to unsubscribe.
It reduces the number of buttons on the screen, which is a good thing, but I feel bad about potentially harming a companies credibility by clicking spam as a shortcut to unsubscribe if Google can't figure out how to unsubscribe.
If I'm unsubscribing from a spammy newsletter, I don't mind them sending exactly one "unsubscribe confirmation" email immediately that I can then have in my records later on in case I forget whether or not (or when) I unsubscribed.
Otherwise, it's really a very small thing to deal with. And it can be nice to have that email in your archive for future reference, like if they start spamming you again.
But the problem actually seems real, makes me glad that I am not an email marketer. If you provide a one-click unsubscribe to your users, you don't want them to give somebody else that link. Reading through this HN thread, I see two and a half other solutions mentioned:
(1a) Require users to enter their email address on unsubscribe. I hate that one because frequently it's really hard to figure out at which of my email addresses the message first arrived.
(1b) Require users to confirm the unsubscribe The better version of the unsubscribe forms from alternative (1) have the email address pre-filled, which wouldn't stop someone who knows what they are doing from unsubscribing others. But it gives those unsubscribing others unintentionally a hint about how they ended up with that message.
(2) Send an email confirmation after unsubscribe This way you can just re-subscribe if one of your friends unsubscribed you. Looks like some people in the discussion below like this approach, others hate it.
If I had to pick, I'd probably chose (2) because that's the only way of making sure an accidentally unsubscribed user notices what happened.
If you're used to HTML5 and CSS3, HTML for email will make your eyes bleed. Many CSS2 (!) attributes have quirks, few are cross-email client compatible. It's recommended that you inline your CSS, rather than using a <style> block, to ensure that it works as widely as possible. Even the <p> tag is considered a no-no as not every client renders it properly.
So while this doesn't work in Gmail, the <p> tag doesn't work in Yahoo!. #fml
Require confirmation instead of one-click unsubscribe**
Even better - allow unsubscribes by having the user take a photo of themself next to a handwritten sign with today's date, their email address and a request to be unsubscribed. Then you know it wasn't an accident!Regarding the unsubscribes, have you tested tweaking the copy? An example could be: "Unsubscribe XYZ@mail.com" instead of just "Unsubscribe"?
then
it turns out that one of the people who received the forwarded email thought it was spam and clicked the unsubscribe link
It may be ugly, but the system works :)
----
If your friend or colleague has forwarded this to you
and you would like to SUBSCRIBE to our mailing list,
click here.
If you are the subscriber (THEIR@EMAIL.ADDRESS) and
would like to unsubscribe, click here.
----
The unsubscribe page also has large text with the e-mail address that has been unsubscribed and an undo button, and the unsubscribed account is sent one more e-mail (after a short period) confirming the unsubscription with a link to re-subscribe if they want to.It doesn't prevent malicious unsubscription, but help to prevent or reverse accidental unsubscriptions of the type in the article. It also "works" in all email clients.
----
HOW TO SUBSCRIBE OR UNSUBSCRIBE
----
If your friend or colleague has forwarded this to you
and you would like to SUBSCRIBE to our mailing list,
click here.
If you are the subscriber and would like to
unsubscribe THEIR@EMAIL.ADDRESS, click here.
----What an idiot.
People here seem to think unsubs might be malicious; they don't seem to think that people getting email don't want it and just click any unsub link they see. Don't forget that the vast majority of people are hopeless with computers.
Anyone sending email to me along with 85 other people, especially if it's something like the Litmus product, is going to annoy the fuck out of me.
But most of their hacks are not 100%
Something as simple as "This email was sent to somebody@example.org, if you are this person click here to unsubscribe somebody@example.org" then display the email address again prominently on the unsub page
[1] http://business.ftc.gov/documents/bus61-can-spam-act-complia...
Go to single page->enter email->unsubscribed
I regularly see people reply to our messages and ask us to remove an address that we never sent anything to... (and we have a prominent one-click unsubscribe on every message!)
This problem is much better solved with an unsubscribe followup email containing a re-subscribe link.
EDIT I actually meant "read the article linked from the linked article" — I too spent a good minute there trying to find out their solution.
Still, thanks for the explanation. Does every mail client do this (like, due to an RFC) or just the popular ones?
Basically most e-mail clients change the dom structure in some way when you forward an email (like wrapping the original in a div). Write some CSS rules that require an unmodified structure to show the unsubscribe button.
> To unsubscribe, send an empty message to unsubscribe@...
Though it might be difficult to understand for less technically minded users, and might be a problem if you don't know what address the mail was sent to.
Perhaps a "send to a friend" link in the email would help?
Plus I don't trust you with these email addresses. I'll send the email on thankyouverymuch.
If you have a look at the article, linked from the article, they are hiding the un-subscribe link when the link is inside quotes.
For me, the emails that get forwarded to different accounts (due to email rules), don't have quotes, so the link will show. But pressing the forward button will put quotes around the entire email, so the link won't be shown.
In saying that, there are probably some email setup out there, that doesn't work like mine, and just happens to wrap every email that it displays in quotes...
I don't see how their system would solve the issue that occurs with this system: "inputting your email address and then pressing an ubsubscribe button" If I have to input my email address, I have to determine which email address I have to input.
I mean, if we are going to use that button to feel "satisfied" by punishing others whose business practices we or actions we disagree with, rather than to actually mark, you know, actual spam that we shouldn't have received in the first place, why not include some old fashioned tit-for-tat, right?
Seriously: you are abusing the right to be part of a collective spam filter by interpreting the rules of that law in that way. You aren't even doing it in a way that other users of that spam filter are going to obviously appreciate: a lot of people (heaven forbid) actually like receiving the email we sign up for.
Actually, spammy behaviour by "legitimate" senders should be punished, and they will get the message. Unsubscribe should be one-click - email users have enough on their plates already, and if I have done something, however small, to improve the behaviour of mailers, I feel great about that.
That also gets dinged against the sender and an account can be suspended if its too high.
TLDR; you're not using it as it was intended.
MailChimp etc are for messages you explicitly sign up for.
Regardless, I happily admit to having personally downvoted your comment (although I think I accidentally upvoted your response to dubcanada :() under any set of rules: your comment expressed, not just matter-of-factly, but with a sort of vindictive glee, that you were happy to interpret that law however you wanted, and then use a vaguely related collaborative system to enact your personal punishment on others, despite how other people using that system may feel.
In so doing, your comment didn't address either of the points made by its parent: 1) that that seems to be a narrow definition and 2) that major providers seem to believe that this is fine, and they are large enough to probably know what they are doing. If anything, your comment admits that it is wrong, but that it somehow more personally satisfying to do the thing you want to do regardless. If I can't downvote you for that, I'm not certain why we have downvotes at all ;P.
> Actually, spammy behaviour by "legitimate" senders should be punished, and they will get the message.
The situation here is not "spammy behavior". Even if the behavior in question violated that law (which it does not seem to), that still wouldn't make the result "spam". When you combine this with your interpretation of that law being somewhat fringe, using the word "spam" here loses meaning.
> Unsubscribe should be one-click - email users have enough on their plates already, and if I have done something, however small, to improve the behaviour of mailers, I feel great about that.
Even if you believe that "encourage behavior" is a legitimate usage of the shared spam filter you are participating in, you have to realize that the behavior you are thereby trying to encourage is really problematic: it's like encouraging websites to just tell anyone your password when they click the "I forgot my password" button.
The various threads on this post have demonstrated multiple cases, some malicious, some benign--and even some from people who claim to be benign but don't pass the "would the person I'm doing this to consider it malicious" test--as to why "click link with no verification of any kind" should not instantly unsubscribe you from these mailing lists.
Moving further into "even if": even if (and I maintain that this is just wrong) you decide "spam filters should be used to determine whether people are in compliance with the CAN SPAM Act", the law states you are actually allowed to have interfaces that include "menus" as part of the opt-out to determine what should be opted out of (as you may want to continue receiving some e-mail, but not things like that).
Meanwhile, the law seems perfectly happy to not even require a link at all: you are actually allowed to require the user to send you a message in reply asking to be removed (in reality, it doesn't even mention having a website at all). Further, the law actually states you can continue to receive mail for 30 days after you initiate the opt-out.
Honestly, in a perfect world, it would seem to be that no e-mail would ever contain an unsubscribe link, and would tell the user "if you want to unsubscribe, reply to this e-mail and tell us you want to be unsubscribed"; there are ways (involving usage of e-mail headers that affect the reply to and return paths) to make forwarding the e-mail then safe against benign mistakes made by friends, and fairly secure against malicious attacks made by people you forward the e-mail, in ways that the link are not (as evidenced by the premise of this article).
As I can find no reference to this in the guidelines, I guess this unofficial statement is the best we will get. Not a good policy - it's non-standard, and encourages the wrong kind of behaviour, but in the case of HN I will concede the point.
> that you were happy to interpret that law however you wanted
I am not interpreting any law. What someone does with their own mail client is between them and their provider - and that's in the cases where marking as spam is even sent to the provider, which is not the standard behaviour.
> if you decide "spam filters should be used to determine whether people are in compliance with the CAN SPAM Act", the law states you are actually allowed to have interfaces that include "menus" as part of the opt-out to determine what should be opted out of (as you may want to continue receiving some e-mail, but not things like that).
You seem to imagine that "spam" is purely a legal definition because there exists an act of congress that seeks to limit it. The term long predates the act, and the capabilities we have developed to fight it do not depend on the specifics of US law. Do I, or any regular mail user, care that the law allows menus? No, make us jump through hoops and we get mad. Or "gleefully vindictive", if you're feeling fragile.
> the law actually states you can continue to receive mail for 30 days after you initiate the opt-out.
Which is why we do not rely on that particular law in the fight against spam.
But in fact, for most mail users actual spam is not a big problem. Gmail has great filters for example, and very rarely do most power users need to trawl through their spam folder for mis-filed messages. For most users, spammy behaviour by "legitimate" senders is much more pressing. If people really love your content, one-click unsubscribe is not going to keep them from it. If you put obstacles in the way of unsubscription, if you make it easier for them to mark you as spam (or filter you out, whatever), they will do so. My time, and the time spent by millions of mail users, is worth something, and is not to be wasted by mass-mailers' borderline behaviour.
So if you are one of these, I suggest you to give serious consideration to the hard-pressed user's experience of email.
This is actually the same problem in another setting: the downvote has a kind of meaning, and you disagree with it; if you don't use the downvote in the way that everyone else does, your data damages the results for everyone else.
> You seem to imagine that "spam" is purely a legal definition because there exists an act of congress that seeks to limit it.
No, in fact, I maintain that the CAN-SPAM act does not define "spam" (in fact, I believe it explicitly said it would refuse to define "spam"), and that thereby failure to address the rules of that law (which is how this thread was born) also does not define spam. You thereby cannot claim that things related to that law (or even your personal stretching of that law) define "spammy behavior".
> Do I, or any regular mail user, care that the law allows menus? No, make us jump through hoops and we get mad. Or "gleefully vindictive", if you're feeling fragile.
If you really don't want to receive their mail, you should add them to your kill file. Hell: if you didn't want to receive their mail in the first place, maybe you shouldn't have signed up for it ;P. (Remember: the laws on this matter don't apply to people who are contacting you out of the blue with no prior business relationship. If someone is doing that, they they are outside of the scope of this entire conversation, and in fact are probably "spam" no matter how their unsubscribe links are implemented.)
> Gmail has great filters for example, and very rarely do most power users need to trawl through their spam folder for mis-filed messages. For most users, spammy behaviour by "legitimate" senders is much more pressing.
Gmail only has great filters until enough people like you ruin their data set by including things that are not spam into the list of things that are spam.
> For most users, spammy behaviour by "legitimate" senders is much more pressing.
No. This seems to be the position of a rather small minority of people who get really really angry on public forums about how e-mail is implemented. The majority of people you see talk about spam and the problems of spam claim that the issue is that if their e-mail address becomes at all public (such as on a mailing list, where you should expect it to be public), they suddenly start receiving large quantities of e-mail from random senders or even pretending to be their friends, neither of which can be stopped with a kill file (the correct solution if you personally just hate one specific company).
> If people really love your content, one-click unsubscribe is not going to keep them from it. If you put obstacles in the way of unsubscription, if you make it easier for them to mark you as spam (or filter you out, whatever), they will do so.
I don't send e-mail to anyone except for password resets, so you have shifted the argument. I am claiming that as a receiver of mail, I don't want people like you screwing with the spam filter to make totally legitimate mail, mail that even includes unsubscribe links that are in perfect compliance with the laws that many people argued over having, mail that I asked for and wanted to receive and would be sad that I don't, accidentally end up not being sent to me because I forwarded it to my friend Pat, and he accidentally (or purposely) clicked the unsubscribe link: that is a security issue, and should be addressed as one.