Skip to content

Unsubscribe URL in plain text

edited April 2015 in Troubleshooting

Hi Ben,

I have just updated to Sendy 2.0.2. I am already using PHP 5.3 and OpenSSL 1.0.

phpinfo shows following:

 PHP Version 5.3.29
 OpenSSL support    enabled
 OpenSSL Library Version    OpenSSL 1.0.1e-fips 11 Feb 2013
 OpenSSL Header Version     OpenSSL 1.0.1e-fips 11 Feb 2013 

My unsubscribe link is still in plain text. I have tried several test mails today using two different tags "" and "[unsubscribe]". Both are still in plain text.

What could possibly be causing this? I need to fix this in priority.

Lately I am seeing lots of unsubscribed mails. Not sure if receiver did it on will or somebody did it for them. Also hoping that link will be different after encryption. Otherwise, people who have idea of the URL can still do silly unsubscribe regardless of encryption.

For example:

Plain unsubsrice link is: /unsubscribe//
With encryption, this link will be unreadable... something like : sdfsdf%DSKSDJFSDFasdf9asdff$%Dfasdfasdfsdf=@#sdf
However after encoding and decoding, the link still remains the same right? It only goes through few extra steps to encode and decode the same link.

In that case what crossed my mind is somebody who have idea of old plain text unsubscribe URL will still be do their old trick regardless of encryption by simply pasting the old plain URL with different email addresses.

Waiting to hear from you soon.

Regards,

Comments

  • Hi,

    My unsubscribe link is still in plain text. I have tried several test mails today using two different tags "" and "[unsubscribe]". Both are still in plain text.

    Can you clarify what do you mean by "plain text". Can you paste a sample and working unsubscribe link in your next reply.

    Unsubscribe links are encrypted and decrypted, no one can just change the URL to unsubscribe others. And only the recipient can unsubscribe from their own email.

    Thanks.

    Best regards,
    Ben

  • edited April 2015

    Hi Ben,

    I am still seeing this: http://my_sendy_url/unsubscribe/name@domain.com/3/ea

    Not the encrypted one.

    All I have to do is to change the email in this link. Have tested it myself and it works. It doesn't even ask permission or any kind of preventive mechanism like sending a real unsubscribe link to said mail (something like double opt-out mechanism).

    Actually I was unaware of this problem until somebody unsubscribed me myself from my own list.

    Thanks!

  • BenBen
    edited April 2015

    Hi,

    First of all, please see ? https://sendy.co/forum/discussion/1344/encrypt-subscriber-emails-in-unsubscribe-url/p1

    I checked your phpinfo and saw that you're using PHP 5.3.29 and have openssl installed on your server, so the reason why your unsubscribe link is not encrypted is because your CLI PHP is either not PHP 5.3 and above, or does not have openssl installed.

    Try changing your cron job for 'scheduled.php' to the following instead:

    curl -L -s http://your_sendy_installation_url/scheduled.php > /dev/null 2>&1

    So the cron job uses curl instead of php to execute the scheduled.php script.

    Hope this helps.

    Best regards,
    Ben

  • Hi Ben,

    This worked indeed. Thanks!

This discussion has been closed.