I have a simple Rails app where a user can send a mass email to 10+ people. In this email I’d like to always have a link at the bottom which the end user can click to unsubscribe himself from the notifications. I don’t have much idea how I should tackle this.
Can there be just a generic link in the email which users click and then enter their email address to unsubscribe themselves? But the problem with this is that some other user could unsubscribe someone else.
I would like to generate a specific unique link for each email so that when the user clicks it, it automatically removes that user from the list rather than the user having to do some extra work.
Where should I start in order to implement this?
Your unsubscribe links could look like this:
http://host/application/unsubscribe?address=example@example.com&token=598bbdf39bc8f27b07fe85b6a7dd8decef641605
Generate the token using the email address and a magic token. Ideally, you’d use HMAC with SHA256, but even just sha1 should be ‘good enough’:
The secret token portion would be fixed in your application, and the example@example.com needs to match the email address.
Of course, if the secret token ever gets revealed, you’re back to anyone unsubscribing everyone. You could also store per-user magic tokens in your database to validate the tokens in URLs; that wouldn’t be much more difficult than this, and definitely much safer.
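The HMAC-with-SHA256 variant suggested in the answer above, shown as an added example that is not code from the original post. The module name, the method names, the sample secret and the address normalisation step are all assumptions made for illustration.

```ruby
require "openssl"
require "uri"

# Constructed sample value (assumption). A real app would load the secret
# from its credentials store or the environment, never from source code.
UNSUBSCRIBE_SECRET = "constructed-sample-secret-not-for-production"

# Hypothetical helper module, not part of Rails.
module UnsubscribeToken
  module_function

  # Assumption: addresses are compared case-insensitively, so the same
  # mailbox always produces the same token.
  def normalize(address)
    address.to_s.strip.downcase
  end

  # HMAC-SHA256 over the address, keyed with the application secret.
  def generate(address, secret = UNSUBSCRIBE_SECRET)
    OpenSSL::HMAC.hexdigest("SHA256", secret, normalize(address))
  end

  # Compare without stopping at the first differing byte, so response
  # timing does not reveal how much of a guessed token was correct.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  # Recompute the token for the address in the URL and check the one supplied.
  def valid?(address, token, secret = UNSUBSCRIBE_SECRET)
    return false unless token.is_a?(String)
    secure_compare(generate(address, secret), token)
  end

  # Build the link for the bottom of each email; the host and path are the
  # ones used in the answer's sample URL.
  def url(address, base = "http://host/application/unsubscribe")
    query = URI.encode_www_form(address: normalize(address), token: generate(address))
    "#{base}?#{query}"
  end
end
```

The unsubscribe action would call UnsubscribeToken.valid? with the address and token parameters from the request and remove the address only when it returns true.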