Hey folks. We developed a custom plugin to integrate my payment system with Discourse.
Basically what it does is that it creates a new user based on a POST notification sent by my payment system where it creates a new user and then assign a expiration date for his access.
Although “only the first e-mail gets screwed up” is a new twist, one problem we’ve seen a lot with interaction link e-mails is certain security programs, which scan e-mail for links and visit those links looking for malware. We’ve done some things to try and guard against that, but it’s possible some over zealous scanning program is still managing to look enough like a person to make Discourse think the link has been used. Check your site access logs to see if there’s any requests to the link before your browser.
I recently change unsubscribe so it only acts on a POST, in the past it acted on a GET. In general this is the best approach, only make changes to data on POST