Unsubscribe from emails without login

email

(Thomas Purchas) #1

This has come up before here and here and both threads have been closed.

However there is no answer on whether or not unsubscribing from emails without login will be added (unsubbing from email topics is possible, but requires login). The new ability to set default watching categories I think is now super important to minimise the amount of friction involved in unsubscribing from emails.

My feature request has three parts:

  1. Add a single link for unsubscribing from watching categories in emails.

  2. Remove the need to log in to unsubscribe.

  3. Improve the SSO unsubscribe experience. At the moment clicking an unsubscribe link will result in you being sent to the home page if you’re not logged in (you are not prompted to log in, or given any indication that clicking the link did anything).

I understand that @codinghorror is worried about people misusing these links to unsubscribe people without their knowledge (when they forward an email or similar). However as @avron points out other sites deal with this issue by sending warning emails.

At the moment our members are automatically given a Discourse account when they first create an account on our main site. This in turn automatically subscribes them to some Discourse categories to try and drive engagement. However this approach is backfiring a little now as I didn’t realise how difficult it is for new users to unsubscribe from emails.

Additionally we suffer from a community education problem, as most of our users don’t understand what “Watching” means, which compounds the issue.


(Jeff Atwood) #2

Too risky, far too risky to give out a URL that once forwarded via email lets anyone take the account preference action just by visiting the link. I am not aware of any services that behave this way.


(Erlend Sogge Heggen) #3

This has come up in feedback from communities with roots in mailing lists as well, e.g. @coderanger from Chef.

[quote=“codinghorror, post:2, topic:35389”]
I am not aware of any services that behave this way.
[/quote]

I had to do some digging, but I did find at least one example, from BitBucket:

I tested it and it unsubscribed me without being logged in.

That doesn’t mean your concerns aren’t valid. But maybe there’s a compromise to be made here? What if the Unsubscribe button acted as a pre-filled mailto link, letting you send an unsub-me-mail to wherever the notification came from.


(Thomas Purchas) #4

As a separate issue, the current unsubscribe UX for SSO sites is awful.

When a user clicks an email link, and is not logged in, they are directed to the home page. There is no indication that they need to log in, or how to unsubscribe from the emails.

This has led to numerous complaints from people saying that the unsubscribe links don’t work at all.

I can file this as a separate feature/bug request if that’s convenient?


(Noah Kantrowitz) #5

vBulletin has this in their footer please visit this page: http://hostname/subscription.php?do=removesubscription&type=thread&subscriptionid=18299&auth=7bc4d0betcetc.

I would say it probably shouldn’t immediately un-subscribe or otherwise take actions, but a URL to get to the user’s profile page already logged in seems like a reasonable compromise assuming the unsubscribe flow will be streamlined a bit overall, which I think is a separate request floating around.


(Jeff Atwood) #6

Hmm, we should definitely fix that. Which link has this behavior?


(Sam Saffron) #7

The big very relevant change we made recently was giving login guidance instead of a 404 on the page.


(Thomas Purchas) #8

The “To stop receiving notifications about this particular topic, click here.” link currently gets redirected to the home page. That link is live, so you can have a look at what happens.

This happens for user preferences, but with SSO enabled people are redirected back to the homepage after doing an external login.

Additionally Discourse displays the recover password button (at the login prompt), which opens up a dialog that doesn’t do anything.


(Mittineague) #9

Hmm, “t” as in Topic?

https://discourse.filmsoc.warwick.ac.uk/t/san-andreas/2953/unsubscribe


(Thomas Purchas) #10

Yeah, that’s the topic unsubscribe link.


(Mittineague) #11

This reset my Notification setting for this thread

https://meta.discourse.org/t/unsubscribe-from-emails-without-login/35389/unsubscribe

A difference I think is in play here is that topic is “You need to log in to see that topic.”

If the forum is “private” maybe parameters need to be passed?

But having login info in GET variables seems like a big NO to me.

An expiring SESSION token could work, but that feels like it would be a bit of work to code up.


(Thomas Purchas) #12

I’m not sure I understand what you’re trying to say.

The link I provided should unsubscribe you from the topic notifications.

This action requires you to log in, but if you click the link you will notice that you are never told this. You just get directed to the home page, with no instructions on how to unsubscribe. I believe this behaviour is unique to SSO enabled sites, which is how my site is set up.

This behaviour is very confusing to the user, and makes it look like the link is broken.

Most people work around this by passing a unique key. This I believe is already done for digest emails, so it would be nice to extend it to all unsubscribe links.


(Mittineague) #13

I mean that I think the problem is that one needs to log in to see the topic.


(Thomas Purchas) #14

Yes, but I don’t understand why that should make the unsubscribe link totally unusable and confusing.

The unsubscribe link should present a login page, not blindly redirect you to the home page.


(Sam Saffron) #15

Yes, I agree with that, @eviltrout did we miss this spot when we did the unsubscribe stuff for chef?


(Jeff Atwood) #16

Ok then we should definitely fix that, might be hard to have arbitrary params survive a SSO login through an external login provider, though.

The problem with your proposal is that we would need to maintain a database table with a unique unsubscribe key for every single email we ever send (do they ever expire?). That’s a pretty big set of feature / memory / disk bloat. And it still doesn’t solve the problem that anybody could unsubscribe you at will.


(Thomas Purchas) #17

This could be solved by using the URL as a payload, and including a signature made up of part of the URL and a site secret.

i.e. /c/features/unsubscribe/<user>/<sig>/ then the topic/category and user can be checked against the generated signature.

Where the signature can be sha(concat(<name>,<category/topic>,<secret>))

This removes the need to store any state server side, additionally an expiry and/or nonce could be encoded.

I agree this is true. But I would question how much of an issue that would be. As long as the emails aren’t made public (i.e. raw email view for email responses) then it’s unlikely that anyone would ever be able to get hold of the URL signature.

I don’t think forwarding emails to other people is a very common thing, especially on public forums where you can just send a link to the thread.

I’m hoping that others in the community could help us gauge how much of an issue this might be.

It could be that when you unsubscribe using the email link, you get sent a message saying that you have unsubscribed. But I feel like this is adding a lot of complexity for little benefit.

If I’m not mistaken, the SSO nonce is stored in the DB with an expiry. Could that be used to keep these params stored in Discourse? Then it can redirect as appropriate when the user is returned (using the nonce as a session token or similar).
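
A stateless signed unsubscribe link along the lines sketched in the post above, as an added example that is not part of the thread and not Discourse's own code. It swaps the sha(concat(...)) idea for HMAC-SHA256 and encodes an expiry in the payload; the /unsubscribe/<payload>/<sig> route, the helper names and the secret are assumptions made for illustration.

```ruby
require "openssl"
require "json"

# Constructed demo value; a real site would load a long random secret from config.
SITE_SECRET = "constructed-demo-secret"

def sign(payload, secret)
  # HMAC rather than sha(concat(...)): the key is mixed in by a construction built for it.
  OpenSSL::HMAC.hexdigest("SHA256", secret, payload)
end

# Compare digests without stopping at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Hypothetical route shape: /unsubscribe/<hex payload>/<hex signature>
def unsubscribe_path(user, target, expires_at, secret: SITE_SECRET)
  # A JSON array keeps field boundaries explicit, so ("ab", "c") and ("a", "bc")
  # can never produce the same signed bytes the way plain concatenation can.
  payload = JSON.generate([user, target, expires_at]).unpack1("H*")
  "/unsubscribe/#{payload}/#{sign(payload, secret)}"
end

# Returns [:ok, {user:, target:}] or [:rejected, reason]. Nothing is stored server-side.
def verify_unsubscribe(path, now: Time.now.to_i, secret: SITE_SECRET)
  m = %r{\A/unsubscribe/(\h+)/(\h{64})\z}.match(path)
  return [:rejected, "malformed"] unless m
  payload, sig = m[1], m[2]
  # Check the signature before decoding anything the client supplied.
  return [:rejected, "bad signature"] unless secure_equal?(sign(payload, secret), sig.downcase)
  user, target, expires_at = JSON.parse([payload].pack("H*").force_encoding("UTF-8"))
  return [:rejected, "expired"] if now > expires_at
  # The token grants exactly one action on one target; it is not a login.
  [:ok, { user: user, target: target }]
end

if __FILE__ == $PROGRAM_NAME
  link = unsubscribe_path("alice", "c/features", Time.now.to_i + 7 * 86_400)
  puts link
  p verify_unsubscribe(link)
end
```

A valid signature only shows that the site issued the link, so the forwarded-email concern raised earlier in the thread remains; the expiry and the single-action scope limit it rather than remove it.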


(Mittineague) #18

I may not understand the use-case here, but it strikes me as odd that a member would have no problem being required to login to even read a topic, yet they have a problem needing to log in to unsubscribe.
(seems to be polar opposites)

IMHO redirecting / showing a modal to login would be adequate and acceptable, require less work to code up, and not introduce any potential misuse.


(Thomas Purchas) #19

I understand what you’re saying, but as I mentioned above this issue has arisen as a result of the new default watching categories, and how we have our site set up.

There is an argument that we are abusing Discourse a little by using it in this manner. This is part of an attempt to drive engagement, which may be a little ham-fisted, but I don’t think this is an unreasonable approach. Especially if the unsubscribe process is completely painless.

i.e. you click one link in the email, and you’re done.


(Jeff Atwood) #20

To be clear this is what happens as of latest when you visit the preferences link in your email as an anon user

Not sure if that is true for SSO sites though. Also @techapj can you check the behavior of unsubscribe topic for anons, e.g. this?

https://meta.discourse.org/t/unsubscribe-from-emails-without-login/35389/unsubscribe

That should probably go to the above page as well!