In this Discussion

  • Ben June 2013
Encrypt subscriber emails in unsubscribe url
  • blasthaus
    Posts: 4, Sendy user

    Currently the unsubscribe link contains an unencrypted email address in the url. This url can be accessed by anyone to unsubscribe anyone else. Is there some (even basic) encryption that could be done on the email address when passed into the url to prevent this from being so obvious? Or maybe some use of the database to tag or salt user email addresses?

  • 2 Comments
  • Ben
    Posts: 3,484, Sendy support

    Hi @blasthaus,

    Sendy encrypts all IDs and emails in the URL with the AES-256-CBC encryption method (used by the U.S. government to encrypt top secret documents) using openssl_encrypt / openssl_decrypt and hashed with your API key.

    If you see the email address in the URL, that means your PHP version is either lower than 5.3 or your PHP does not have OpenSSL support. I checked and saw that you are on PHP 5.3.2, so it's not that. So I checked your PHP info and saw that you do not have OpenSSL.

    You need to install OpenSSL if you want emails and IDs to be encrypted with openssl_encrypt / openssl_decrypt.

    Thanks.

    Best regards,
    Ben

  • Ben
    Posts: 3,484, Sendy support

    Once you have OpenSSL installed for PHP, your unsubscribe link will look something like this:

    http://yoursendyurl.com/unsubscribe/RrwK2sSKkabBGSVzMTAccs/Krj8dTHThDtKjEwbnUr6WV/EnTWWjr2JgBRy3Jzu9aZGt

This discussion has been closed.
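
The scheme described in the replies above, as an added example that is not Sendy's code and not written by either poster: an AES-256-CBC token for an unsubscribe link that refuses to build the link when the OpenSSL extension is missing, instead of falling back to a plaintext address. The function names, the key derivation from the API key, the HMAC (added because CBC alone does not detect a modified token) and the `sendy.example.com` host are assumptions; it needs PHP 7.1+.

```php
<?php
// Added example, not Sendy's implementation. All names below are hypothetical.
function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function b64url_decode(string $txt) {
    $txt .= str_repeat('=', (4 - strlen($txt) % 4) % 4);   // restore padding
    return base64_decode(strtr($txt, '-_', '+/'), true);   // false on bad input
}
// Derive separate encryption and MAC keys from one secret (assumed: the API key).
function derive_keys(string $secret): array {
    return [hash_hmac('sha256', 'enc', $secret, true), hash_hmac('sha256', 'mac', $secret, true)];
}
function make_token(string $email, string $secret): string {
    if (!extension_loaded('openssl')) {
        // Fail closed: never put the plaintext address in the link.
        throw new RuntimeException('OpenSSL extension missing; refusing to build link');
    }
    [$encKey, $macKey] = derive_keys($secret);
    $iv = random_bytes(16);                                 // fresh IV per token
    $ct = openssl_encrypt($email, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) throw new RuntimeException('encryption failed');
    return b64url_encode($iv . $ct . hash_hmac('sha256', $iv . $ct, $macKey, true));
}
function read_token(string $token, string $secret): ?string {
    $raw = b64url_decode($token);
    if ($raw === false || strlen($raw) < 64) return null;   // 16 IV + 16 CT + 32 MAC
    [$encKey, $macKey] = derive_keys($secret);
    $iv  = substr($raw, 0, 16);
    $ct  = substr($raw, 16, -32);
    $mac = substr($raw, -32);
    // Verify the MAC in constant time before decrypting anything.
    if (!hash_equals(hash_hmac('sha256', $iv . $ct, $macKey, true), $mac)) return null;
    $pt = openssl_decrypt($ct, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    return $pt === false ? null : $pt;
}

$secret = 'constructed-api-key-for-demo';                  // constructed sample value
$token  = make_token('alice@example.com', $secret);        // constructed sample address
echo "https://sendy.example.com/unsubscribe/$token\n";
var_dump(read_token($token, $secret));                     // valid token
$bad = $token;
$bad[5] = ($bad[5] === 'A') ? 'B' : 'A';                   // change one character
var_dump(read_token($bad, $secret));                       // modified token
```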