Ah, if you can unsubscribe with one click, maybe even without logging in. What stops evil Bert over there from unsubscribing you? Sure, there might be some (session) token involved, but that could have been sniffed or brute-forced.
Actually mailing lists do it right, have the subscriber confirm his action by clicking a link in a confirmation mail or such. I think that's called double confirmation.
Actually mailing lists do it right, have the subscriber confirm his action by clicking a link in a confirmation mail or such. I think that's called double confirmation.