On 2020-08-13 at 16:55 -0700, Abhilash Raj wrote:
I understand you may have a legal requirement to do this, but these "one-click - no user confirmation" links are a bad idea because usera will reply to a list post or forward it and not remove the link and userb will receive usera's reply and click usera's unsubscribe link either maliciously or thinking it will unsubscribe userb.
There is also the issue that these days some mail clients will try to create a preview of all the URLs if they can and it would inadvertently GET the URL resulting in the un-subscription.
It's not just mail clients, but also anti-spam solutions. So for some customers, when the email passes through the antivirus/anti-spam solution, it would automatically unsubscribe the user.
Check also this piece: https://inboxplacement.com/2020/05/machine-clicks-in-email/
If you end up with such a system, at the very least, I would make such a system also email the user one last time saying "Per your instruction as requested by machine IP V.X.Y.Z, we have unsubscribed from foobar-list, you can subscribe again by XYZ, etc." (maybe bcc the responsible internal team).
And you don't want to start trying to tell apart real vs synthetic clicks.
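
One way to apply the points raised in this thread, as an added example that is not part of the original messages or of any list manager's own code: a GET or HEAD (what link previews and scanners send) only shows a confirmation form, only a confirmed POST changes membership, and the member then gets a notice naming the requesting IP. The function names, the in-memory store and the example.org addresses are assumptions for illustration.

```python
import html
from email.message import EmailMessage

# Constructed in-memory membership store; a real list manager has its own.
SUBSCRIBERS = {"foobar-list": {"usera@example.org", "userb@example.org"}}


def build_notice(list_name, address, client_ip):
    """Build the 'one last email' saying what happened and from which IP."""
    msg = EmailMessage()
    msg["From"] = f"{list_name}-owner@example.org"
    msg["To"] = address
    msg["Bcc"] = "list-admins@example.org"  # hypothetical internal team mailbox
    msg["Subject"] = f"You have been unsubscribed from {list_name}"
    msg.set_content(
        f"A request from IP {client_ip} unsubscribed {address} from {list_name}.\n"
        f"To subscribe again, write to {list_name}-join@example.org.\n"
    )
    return msg


def handle_unsubscribe(method, list_name, address, client_ip, form=None):
    """Return (status, body, notice). Only a confirmed POST changes membership."""
    members = SUBSCRIBERS.get(list_name, set())
    if method in ("GET", "HEAD"):
        # Automated fetches land here: render a form, change nothing.
        page = ('<form method="post">Unsubscribe '
                f"{html.escape(address)} from {html.escape(list_name)}? "
                '<button name="confirm" value="yes">Confirm</button></form>')
        return 200, page, None
    if method != "POST":
        return 405, "method not allowed", None
    form = form or {}
    # Accept the confirmation button or the RFC 8058 one-click POST body.
    confirmed = (form.get("confirm") == "yes"
                 or form.get("List-Unsubscribe") == "One-Click")
    if not confirmed:
        return 400, "missing confirmation", None
    if address not in members:
        return 200, "not subscribed", None
    members.discard(address)
    return 200, "unsubscribed", build_notice(list_name, address, client_ip)
```

The notice is returned rather than sent so the caller decides how to deliver it; the link in a real message would carry a per-member token rather than the bare address.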