Abhilash Raj writes:
> If this is one-click, can't this URL be hit by anyone trying to remove the user from any MailingList without any auth or anything?
Mark's suggested implementation, yes. (This is NOT a knock on Mark; he's just providing what the customer asked for.) In particular, this is apparently a marketing newsletter. If somebody gets mad at the company, they can just unsubscribe every address they know of. (And for a small cost on the dark web, millions of addresses that were never subscribed.) Sadly, GDPR is a collection of a variety of very bad ideas in one place. Almost a textbook on shooting off your own foot.
That said, I have some ideas for how to make this safe for corporate Germany; specifically, keep a database of user-specific OTKs. (These could be time-limited -- with the server returning a "use a more recent message's URL" message -- or permanent.) For the usera/userb reasons Mark gives, and the preview-url reason you give, this is *still* not going to be safe for discussion lists. But if the From: is <noreply@DeutscheKompany.co.de>, so you have to shoulder surf and have a photographic memory to get the user's unsubscribe URL, it should be reasonably secure for announce lists and newsletters.
Perhaps we should implement it?
Steve
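
A sketch of the per-user OTK scheme proposed in the message above, added here as an example; it is not part of the original post and not Mailman code. The class and method names, the status strings, and the in-memory dict standing in for the database are assumptions.

```python
import hashlib
import secrets
import time


class UnsubscribeKeys:
    """Hypothetical store of per-recipient one-time keys (OTKs)."""

    def __init__(self, ttl_seconds=None):
        self.ttl = ttl_seconds  # None means keys are permanent
        self._keys = {}         # sha256(key) -> (list_id, address, issued_at)

    @staticmethod
    def _digest(key):
        # Keep only a hash, so a leaked table cannot be replayed as URLs.
        return hashlib.sha256(key.encode()).hexdigest()

    def issue(self, list_id, address, now=None):
        """Return the key to embed in one outgoing message's unsubscribe URL."""
        key = secrets.token_urlsafe(32)  # 256 random bits, not guessable
        issued = time.time() if now is None else now
        self._keys[self._digest(key)] = (list_id, address, issued)
        return key

    def redeem(self, key, subscribers, now=None):
        """Handle a one-click hit: 'unsubscribed', 'expired' or 'unknown'."""
        # pop() burns the key whatever the outcome, so it works at most once.
        record = self._keys.pop(self._digest(key), None)
        if record is None:
            return "unknown"  # guessed, already used, or never issued
        list_id, address, issued = record
        now = time.time() if now is None else now
        if self.ttl is not None and now - issued > self.ttl:
            return "expired"  # reply: use a more recent message's URL
        # The address comes from the stored record, never from the request,
        # so a caller cannot name someone else's address to remove.
        subscribers.get(list_id, set()).discard(address)
        return "unsubscribed"


if __name__ == "__main__":
    # Constructed sample data: one announce list with two subscribers.
    subs = {"news": {"a@example.com", "b@example.com"}}
    store = UnsubscribeKeys(ttl_seconds=3600)
    key = store.issue("news", "a@example.com", now=1000)
    print(store.redeem("not-a-real-key", subs, now=1001))
    print(store.redeem(key, subs, now=1001), sorted(subs["news"]))
```

Because the key is burned on first use, a link-preview fetch would still trigger the unsubscribe, which is the discussion-list caveat the message already raises.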