Get answers quicker by searching

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion

Unsubscribe URL in plain text
  • Vote Up0Vote Down SenDeeSenDee
    Posts: 5Sendy user

    Hi Ben,

    I have just updated to Sendy 2.0.2. I am already using PHP 5.3 and OpenSSL 1.0.

    phpinfo shows following:

     PHP Version 5.3.29
     OpenSSL support    enabled
     OpenSSL Library Version    OpenSSL 1.0.1e-fips 11 Feb 2013
     OpenSSL Header Version     OpenSSL 1.0.1e-fips 11 Feb 2013 
    

    My unsubscribe link is still in plain text. I have tried several test mails today using two different tags "" and "[unsubscribe]". Both are still in plain text.

    What could possibly be causing this? I need to fix this in priority.

    Lately I am seeing lots of unsubscribed mails. Not sure if receiver did it on will or somebody did it for them. Also hoping that link will be different after encryption. Otherwise, people who have idea of the URL can still do silly unsubscribe regardless of encryption.

    For example:

    Plain unsubsrice link is: /unsubscribe// With encryption, this link will be unreadable... something like : sdfsdf%DSKSDJFSDFasdf9asdff$%Dfasdfasdfsdf=@#sdf However after encoding and decoding, the link still remains the same right? It only goes through few extra steps to encode and decode the same link.

    In that case what crossed my mind is somebody who have idea of old plain text unsubscribe URL will still be do their old trick regardless of encryption by simply pasting the old plain URL with different email addresses.

    Waiting to hear from you soon.

    Regards,

  • 4 Comments
  • Vote Up0Vote Down BenBen
    Posts: 3,391Sendy support

    Hi,

    My unsubscribe link is still in plain text. I have tried several test mails today using two different tags "" and "[unsubscribe]". Both are still in plain text.

    Can you clarify what do you mean by "plain text". Can you paste a sample and working unsubscribe link in your next reply.

    Unsubscribe links are encrypted and decrypted, no one can just change the URL to unsubscribe others. And only the recipient can unsubscribe from their own email.

    Thanks.

    Best regards,
    Ben

  • Vote Up0Vote Down SenDeeSenDee
    Posts: 5Sendy user

    Hi Ben,

    I am still seeing this: http://my_sendy_url/unsubscribe/name@domain.com/3/ea

    Not the encrypted one.

    All I have to do is to change the email in this link. Have tested it myself and it works. It doesn't even ask permission or any kind of preventive mechanism like sending a real unsubscribe link to said mail (something like double opt-out mechanism).

    Actually I was unaware of this problem until somebody unsubscribed me myself from my own list.

    Thanks!

  • Vote Up0Vote Down BenBen
    Posts: 3,391Sendy support

    Hi,

    First of all, please see ? https://sendy.co/forum/discussion/1344/encrypt-subscriber-emails-in-unsubscribe-url/p1

    I checked your phpinfo and saw that you're using PHP 5.3.29 and have openssl installed on your server, so the reason why your unsubscribe link is not encrypted is because your CLI PHP is either not PHP 5.3 and above, or does not have openssl installed.

    Try changing your cron job for 'scheduled.php' to the following instead:

    curl -L -s http://your_sendy_installation_url/scheduled.php > /dev/null 2>&1

    So the cron job uses curl instead of php to execute the scheduled.php script.

    Hope this helps.

    Best regards,
    Ben

  • Vote Up0Vote Down SenDeeSenDee
    Posts: 5Sendy user

    Hi Ben,

    This worked indeed. Thanks!

This discussion has been closed.
All Discussions