Preventing Unsubscribes in Forwarded Emails (litmus.com)
111 points by muan on March 5, 2013 | 81 comments



Article aside, it's much better to have a one-click unsubscribe that just works.

It's an edge case that someone will unsubscribe from someone else's mailing list or click it by mistake, so making every single person (99% who are unsubscribing on purpose) confirm, log in, enter their address or receive a confirmation is an infuriating waste of time.

The best way to mitigate this is a simple "You unsubscribed whatever@gmail.com", with a little undo button in case it was a mistake.

And if all this still goes wrong... if the person liked your newsletter enough, they'll figure out what happened when they stop getting it.

(Side note: I've really been hoping GMail and other clients would accept a URL in email headers that would handle unsubscribe, so they could add a button to the UI. I know that's oversimplifying everything, but it would significantly improve the email experience.)


> so making every single person (99% who are unsubscribing on purpose) confirm, log in, enter their address or receive a confirmation is an infuriating waste of time.

If you are in the USA, it is also illegal. The CAN-SPAM Act[0] specifies that you can't ask the user for more than their email address[1]:

> "You can’t charge a fee, require the recipient to give you any personally identifying information beyond an email address, or make the recipient take any step other than sending a reply email or visiting a single page on an Internet website as a condition for honoring an opt-out request."

See also previous thread on HN[2]

[0] http://en.wikipedia.org/wiki/CAN-SPAM_Act_of_2003

[1] Point 6: http://business.ftc.gov/documents/bus61-can-spam-act-complia...

[2] http://news.ycombinator.com/item?id=4496688


They do in a way, the 'List-Unsubscribe' header: https://support.google.com/mail/bin/answer.py?hl=en&answ...

Appears to work with Outlook.com/Hotmail, and Gmail. Not sure about Yahoo, but those two alone cover a pretty big group.


If I click an unsubscribe link and it doesn't instantly unsubscribe me, I don't bother with the process, I just mark all future mails from that domain as spam.


> And if all this still goes wrong... if the person liked your newsletter enough, they'll figure out what happened when they stop getting it.

Not necessarily, unfortunately. As an example, take emails advertising pre-sale tickets to events, sent to people who have signed up specifically to have access to buy tickets before the general public.

If their friend is able to unsubscribe them, they don't get the email and miss the pre-sale access. Even if they do realise and resubscribe, there's a good chance they'll have missed the pre-sale period anyway (which only lasts a few days).

That's one of many examples that make "not to worry they'll just resubscribe" not quite work properly.

> The best way to mitigate this is a simple "You unsubscribed whatever@gmail.com", with a little undo button in case it was a mistake.

In addition to this, it's worth putting "This email was sent to whatever@gmail.com, unsubscribe by clicking here" in the email.


What if it's malicious?

Eg, "I hate your political ideology. I'll unsubscribe you from the site you forwarded me an article from."

I'm sure that kind of threat is minimal and easily corrected, but the OP's suggestion of hiding it somewhat addresses that. It doesn't eliminate the threat of course, but it doesn't put it under their nose.


A confirmation email with an "undo" link fixes that problem as well.


This seems like an extreme edge case as far as problems go, and can be absolutely infuriating when a user doesn't want to get mailed anymore.


One extra mail for an explicit user action? It doesn't sound very infuriating to me. And if it is, well, at least they won't hear from you again.


> I've really been hoping GMail and other clients would accept a URL in email headers that would handle unsubscribe, so they could add a button to the UI.

GMail offers to unsubscribe you if you mark something as spam and it's able to detect how to unsubscribe.

It reduces the number of buttons on the screen, which is a good thing, but I feel bad about potentially harming a company's credibility by clicking spam as a shortcut to unsubscribe if Google can't figure out how to unsubscribe.


Honestly, I just like having them email me when I've unsubscribed. That way, if somebody else does it, I know because I receive a notification.

If I'm unsubscribing from a spammy newsletter, I don't mind them sending exactly one "unsubscribe confirmation" email immediately that I can then have in my records later on in case I forget whether or not (or when) I unsubscribed.


That actually drives me nuts about Mailchimp in particular, and I've seen a good number of folks grouse about it on Twitter. Interesting to see someone having the complete opposite opinion about them.


The only such notices I've been truly annoyed by are the ones that say "now please wait 6-8 weeks for your unsubscribe request to be processed".

Otherwise, it's really a very small thing to deal with. And it can be nice to have that email in your archive for future reference, like if they start spamming you again.


Same here, doesn't bother me either. I think the people it bothers might be bothered partly because they were annoyed at being spammed in the first place, and this is just another drop in the bucket. Sure, it'll trigger annoyance, but the real cause lies elsewhere.


After reading the linked article and thinking WTF-hows-that-supposed-to-work, then reading the linked article, and reading the linked article again, I think I found the big caveat: It relies on unstandardized undocumented behavior of some email clients. Specifically, it doesn't work in Gmail.

But the problem actually seems real, makes me glad that I am not an email marketer. If you provide a one-click unsubscribe to your users, you don't want them to give somebody else that link. Reading through this HN thread, I see two and a half other solutions mentioned:

(1a) Require users to enter their email address on unsubscribe. I hate that one because frequently it's really hard to figure out at which of my email addresses the message first arrived.

(1b) Require users to confirm the unsubscribe. The better versions of the unsubscribe forms from alternative (1) have the email address pre-filled, which wouldn't stop someone who knows what they are doing from unsubscribing others. But it gives those unsubscribing others unintentionally a hint about how they ended up with that message.

(2) Send an email confirmation after unsubscribe. This way you can just re-subscribe if one of your friends unsubscribed you. Looks like some people in the discussion below like this approach, others hate it.

If I had to pick, I'd probably choose (2) because that's the only way of making sure an accidentally unsubscribed user notices what happened.


As a developer who has to do some email marketing, I can say "It doesn't work in Gmail" is a shame, but not a non-starter.

If you're used to HTML5 and CSS3, HTML for email will make your eyes bleed. Many CSS2 (!) attributes have quirks, few are cross-email client compatible. It's recommended that you inline your CSS, rather than using a <style> block, to ensure that it works as widely as possible. Even the <p> tag is considered a no-no as not every client renders it properly.

So while this doesn't work in Gmail, the <p> tag doesn't work in Yahoo!. #fml


If you want to take this even further, here are a couple of other suggestions:

    Require confirmation instead of one-click unsubscribe

Even better - allow unsubscribes by having the user take a photo of themself next to a handwritten sign with today's date, their email address and a request to be unsubscribed. Then you know it wasn't an accident!


You forgot 2-factor auth.


And a passport, please.


And a work visa.


It seems a bit scary that forwarded mails can be changed. As a spammer, send something interesting and make it an ad when forwarded?


Sending something interesting is a hard problem.


Normal people forward silly jokes, or fake virus warnings, or fake cancer donation calls and stuff like that. Not sure it is that hard. Perhaps you could even monitor popular news sites for trending memes (for example trending YouTube videos).


I love the idea of having a banner prompting forwarded email receivers to sign up.

Regarding the unsubscribes, have you tested tweaking the copy? An example could be: "Unsubscribe XYZ@mail.com" instead of just "Unsubscribe"?


This would be the preferred way for my systems, yeah.


As long as it's possible to work around this, it's OK. I have far too many 'academic conference' emails (no longer an academic, so I don't want them) where it's hard to unsubscribe because I'm getting the email from a chain of forwarded addresses (many of which I can't actually send mail from anymore).


someone that would share an email with 85 other people

then

it turns out that one of the people who received the forwarded email thought it was spam and clicked the unsubscribe link

It may be ugly, but the system works :)


One less technical way I've seen this handled is with a footer something like:

  ----
  If your friend or colleague has forwarded this to you
  and you would like to SUBSCRIBE to our mailing list,
  click here.

  If you are the subscriber (THEIR@EMAIL.ADDRESS) and 
  would like to unsubscribe, click here.
  ----

The unsubscribe page also has large text with the e-mail address that has been unsubscribed and an undo button, and the unsubscribed account is sent one more e-mail (after a short period) confirming the unsubscription with a link to re-subscribe if they want to.

It doesn't prevent malicious unsubscription, but helps to prevent or reverse accidental unsubscriptions of the type in the article. It also "works" in all email clients.
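
The flow described in the comment above (footer naming the subscriber, landing page showing the address with an undo link, one confirmation e-mail), as an added Python example that is not from the thread or from any mailing-list product. The secret, domain, URL layout and undo window are assumptions, and the HMAC-signed link is an addition here so that a link cannot be edited to target a different address.

```python
import hashlib
import hmac
from email.message import EmailMessage
from urllib.parse import parse_qs, urlencode, urlsplit

SECRET = b"constructed-demo-key"   # assumption: server-side secret for this list
BASE = "https://news.example.org"  # hypothetical sender site
UNDO_WINDOW = 7 * 24 * 3600        # assumption: undo links stay valid for a week


def sign(action, address, issued):
    """Bind a link to one action, one address and one issue time."""
    data = f"{action}|{address.lower()}|{issued}".encode()
    return hmac.new(SECRET, data, hashlib.sha256).hexdigest()


def make_link(action, address, issued):
    query = urlencode({"a": address, "t": issued, "sig": sign(action, address, issued)})
    return f"{BASE}/{action}?{query}"


def parse_link(url):
    """Split a clicked link into (action, address, issued, sig)."""
    parts = urlsplit(url)
    q = parse_qs(parts.query)
    return parts.path.lstrip("/"), q["a"][0], int(q["t"][0]), q["sig"][0]


def build_newsletter(address, body, now):
    """Newsletter whose footer names the subscriber the link will unsubscribe."""
    unsub = make_link("unsubscribe", address, now)
    msg = EmailMessage()
    msg["To"] = address
    msg["Subject"] = "Newsletter"
    msg["List-Unsubscribe"] = f"<{unsub}>"  # header form, for clients that show a button
    msg.set_content(
        f"{body}\n----\n"
        f"If a friend forwarded this to you and you would like to SUBSCRIBE: {BASE}/subscribe\n"
        f"If you are the subscriber ({address}) and would like to unsubscribe: {unsub}\n"
        "----\n"
    )
    return msg


class MailingList:
    def __init__(self, subscribers):
        self.subscribers = {s.lower() for s in subscribers}
        self.outbox = []  # (recipient, text) pairs standing in for a real mail queue

    def handle(self, url, now):
        """Process a clicked link and return the text shown on the landing page."""
        try:
            action, address, issued, sig = parse_link(url)
        except (KeyError, ValueError):
            return "This link is not valid."
        expected = sign(action, address, issued)
        if action not in ("unsubscribe", "resubscribe") or not hmac.compare_digest(
            sig.encode(), expected.encode()
        ):
            return "This link is not valid."
        address = address.lower()
        if action == "unsubscribe":
            undo = make_link("resubscribe", address, now)
            if address in self.subscribers:
                self.subscribers.remove(address)
                # Exactly one confirmation, so the real subscriber notices
                # when somebody else clicked the link in a forwarded copy.
                self.outbox.append((address, f"{address} was unsubscribed. Undo: {undo}"))
            # One click, no form: the page names the address and offers undo.
            return f"You unsubscribed {address}. Undo: {undo}"
        if now - issued > UNDO_WINDOW:
            return "This re-subscribe link has expired."
        self.subscribers.add(address)
        return f"{address} is subscribed again."
```

As the comment says of its own approach, this does not stop a forwarded recipient from clicking the link; it makes the click visible to the subscriber and reversible.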


Unfortunately that doesn't do anybody any good when you Ctrl+F "unsub" and click that link.


The e-mail address and undo button on the unsubscribe web page would help. Or maybe add a title, something like:

  ----
  HOW TO SUBSCRIBE OR UNSUBSCRIBE
  ----

  If your friend or colleague has forwarded this to you
  and you would like to SUBSCRIBE to our mailing list,
  click here.

  If you are the subscriber and would like to 
  unsubscribe THEIR@EMAIL.ADDRESS, click here.
  ----


> The Litmus team discovered these silent unsubscribers when they noticed a long-time fan removed himself from the Litmus newsletter after sharing an email with 85 of his coworkers.

What an idiot.

People here seem to think unsubs might be malicious; they don't seem to think that people getting email don't want it and just click any unsub link they see. Don't forget that the vast majority of people are hopeless with computers.

Anyone sending email to me along with 85 other people, especially if it's something like the Litmus product, is going to annoy the fuck out of me.


I'll admit I've clicked the unsubscribe link in a bid to stop the original sender from getting emails that they subsequently forwarded to me. Worked like a charm and prevented them from getting upset when their upset would have caused trouble.


That's... awfully passive aggressive.


I knew someone would say that, but no it's not (not even close!) because it was just a way to stop the stream of garbage without offending someone in a delicate situation. There was no component of aggression.


I guess you're entitled to your opinion, but unsubscribing someone from a newsletter because you don't want them to see things they might want to forward to you is definitely passive aggressive in my book (and also not terribly nice, IMHO).


He could have just installed an email filter instead. Though I can imagine a situation in which confronting the sender might be worse. Frankly, I don't understand why people really care so much about manually forwarded junk. I mean, it's trivial to identify; I don't even open it if I don't care, usually. Since it's manual, it's unlikely to turn into a real flood, so I've never noticed this to be a problem...


Litmus has some very clever code. When they first released their analytics feature, I reverse engineered it because I couldn't believe they could track forwards. Their "time spent reading message" was another cute hack.


They also have a print hack which is kinda cool.

But most of their hacks are not 100%


Agreed, at best they're useful as a relative measure (version A of the message got more reported forwards/prints/whatever than version B). I doubt the raw numbers are anywhere close to correct. Heck, it's hard enough to track "opens".


Wouldn't requiring inputting your email address and then pressing an unsubscribe button work? That way when the forwarded user tries to unsubscribe, they know they aren't subscribed.


Even working on the copy text would decrease accidental unsubscribes.

Something as simple as "This email was sent to somebody@example.org, if you are this person click here to unsubscribe somebody@example.org" then display the email address again prominently on the unsub page


Good idea, but I feel that this places a burden on the subscribed user that wishes to unsubscribe.


Particularly when the subscribed user has several email accounts that all forward to another. It is a pain in the ass to click back and figure out exactly which address something came from.


Would this really be a problem?

If you have a look at the article, linked from the article, they are hiding the un-subscribe link when the link is inside quotes.

For me, the emails that get forwarded to different accounts (due to email rules), don't have quotes, so the link will show. But pressing the forward button will put quotes around the entire email, so the link won't be shown.

In saying that, there are probably some email setups out there that don't work like mine, and just happen to wrap every email they display in quotes...


I don't know if it is a problem with their system, but it has been an issue numerous times with other systems for me.

I don't see how their system would solve the issue that occurs with this system: "inputting your email address and then pressing an unsubscribe button". If I have to input my email address, I have to determine which email address I have to input.


I have run into this several times. Always very annoying. I have many accounts in a desktop app and a unified inbox.


Exactly!


This is possibly in violation of CAN-SPAM: You can’t charge a fee, require the recipient to give you any personally identifying information beyond an email address, or make the recipient take any step other than sending a reply email or visiting a single page on an Internet website as a condition for honoring an opt-out request.[1]

[1] http://business.ftc.gov/documents/bus61-can-spam-act-complia...


I don't see how that would stop what the grandparent was talking about.

Go to single page->enter email->unsubscribed


Uh, the section you quoted says you can't ask for anything beyond an email address. It's perfectly fine to ask for an email address. (Though I don't think it's a good idea unless you prefill the box)


I think that's an overly narrow interpretation of "visiting a single page". I've seen very prominent providers who've definitely been around long enough to know the legalities (the hard way) use the "enter your e-mail address" approach.


When I click "unsubscribe", I expect to be unsubscribed. If I just get a page that invites me to enter my email, which the page should know already, I find it's easier, and vastly more satisfying, just to mark the mail as spam.


Ok, if we are going to start using that "mark as spam" button to punish people, maybe then I should go sign up for your comms.io "tell me when the product is ready" mailing list using a bunch of Hotmail and Gmail accounts, and mark your messages spam on all of them when I receive them.

I mean, if we are going to use that button to feel "satisfied" by punishing others whose business practices or actions we disagree with, rather than to actually mark, you know, actual spam that we shouldn't have received in the first place, why not include some old fashioned tit-for-tat, right?

Seriously: you are abusing the right to be part of a collective spam filter by interpreting the rules of that law in that way. You aren't even doing it in a way that other users of that spam filter are going to obviously appreciate: a lot of people (heaven forbid) actually like receiving the email we sign up for.


Have I "abused" your internal mental rules of email behaviour? I don't care. Perhaps it's analogous to the way that you have abused the downvote feature on HN to express your disagreement with my point, but I think I have more justification.

Actually, spammy behaviour by "legitimate" senders should be punished, and they will get the message. Unsubscribe should be one-click - email users have enough on their plates already, and if I have done something, however small, to improve the behaviour of mailers, I feel great about that.


"Downvoting has always been used to express disagreement." -- pg [http://news.ycombinator.com/item?id=392347].

Regardless, I happily admit to having personally downvoted your comment (although I think I accidentally upvoted your response to dubcanada :() under any set of rules: your comment expressed, not just matter-of-factly, but with a sort of vindictive glee, that you were happy to interpret that law however you wanted, and then use a vaguely related collaborative system to enact your personal punishment on others, despite how other people using that system may feel.

In so doing, your comment didn't address either of the points made by its parent: 1) that that seems to be a narrow definition and 2) that major providers seem to believe that this is fine, and they are large enough to probably know what they are doing. If anything, your comment admits that it is wrong, but that it is somehow more personally satisfying to do the thing you want to do regardless. If I can't downvote you for that, I'm not certain why we have downvotes at all ;P.

> Actually, spammy behaviour by "legitimate" senders should be punished, and they will get the message.

The situation here is not "spammy behavior". Even if the behavior in question violated that law (which it does not seem to), that still wouldn't make the result "spam". When you combine this with your interpretation of that law being somewhat fringe, using the word "spam" here loses meaning.

> Unsubscribe should be one-click - email users have enough on their plates already, and if I have done something, however small, to improve the behaviour of mailers, I feel great about that.

Even if you believe that "encourage behavior" is a legitimate usage of the shared spam filter you are participating in, you have to realize that the behavior you are thereby trying to encourage is really problematic: it's like encouraging websites to just tell anyone your password when they click the "I forgot my password" button.

The various threads on this post have demonstrated multiple cases, some malicious, some benign--and even some from people who claim to be benign but don't pass the "would the person I'm doing this to consider it malicious" test--as to why "click link with no verification of any kind" should not instantly unsubscribe you from these mailing lists.

Moving further into "even if": even if (and I maintain that this is just wrong) you decide "spam filters should be used to determine whether people are in compliance with the CAN SPAM Act", the law states you are actually allowed to have interfaces that include "menus" as part of the opt-out to determine what should be opted out of (as you may want to continue receiving some e-mail, but not things like that).

Meanwhile, the law seems perfectly happy to not even require a link at all: you are actually allowed to require the user to send you a message in reply asking to be removed (in reality, it doesn't even mention having a website at all). Further, the law actually states you can continue to receive mail for 30 days after you initiate the opt-out.

Honestly, in a perfect world, it would seem to be that no e-mail would ever contain an unsubscribe link, and would tell the user "if you want to unsubscribe, reply to this e-mail and tell us you want to be unsubscribed"; there are ways (involving usage of e-mail headers that affect the reply to and return paths) to make forwarding the e-mail then safe against benign mistakes made by friends, and fairly secure against malicious attacks made by people you forward the e-mail to, in ways that the link is not (as evidenced by the premise of this article).


> "Downvoting has always been used to express disagreement." -- pg [http://news.ycombinator.com/item?id=392347].

As I can find no reference to this in the guidelines, I guess this unofficial statement is the best we will get. Not a good policy - it's non-standard, and encourages the wrong kind of behaviour, but in the case of HN I will concede the point.

> that you were happy to interpret that law however you wanted

I am not interpreting any law. What someone does with their own mail client is between them and their provider - and that's in the cases where marking as spam is even sent to the provider, which is not the standard behaviour.

> if you decide "spam filters should be used to determine whether people are in compliance with the CAN SPAM Act", the law states you are actually allowed to have interfaces that include "menus" as part of the opt-out to determine what should be opted out of (as you may want to continue receiving some e-mail, but not things like that).

You seem to imagine that "spam" is purely a legal definition because there exists an act of congress that seeks to limit it. The term long predates the act, and the capabilities we have developed to fight it do not depend on the specifics of US law. Do I, or any regular mail user, care that the law allows menus? No, make us jump through hoops and we get mad. Or "gleefully vindictive", if you're feeling fragile.

> the law actually states you can continue to receive mail for 30 days after you initiate the opt-out.

Which is why we do not rely on that particular law in the fight against spam.

But in fact, for most mail users actual spam is not a big problem. Gmail has great filters for example, and very rarely do most power users need to trawl through their spam folder for mis-filed messages. For most users, spammy behaviour by "legitimate" senders is much more pressing. If people really love your content, one-click unsubscribe is not going to keep them from it. If you put obstacles in the way of unsubscription, if you make it easier for them to mark you as spam (or filter you out, whatever), they will do so. My time, and the time spent by millions of mail users, is worth something, and is not to be wasted by mass-mailers' borderline behaviour.

So if you are one of these, I suggest you give serious consideration to the hard-pressed user's experience of email.


> As I can find no reference to this in the guidelines, I guess this unofficial statement is the best we will get. Not a good policy - it's non-standard, and encourages the wrong kind of behaviour, but in the case of HN I will concede the point.

This is actually the same problem in another setting: the downvote has a kind of meaning, and you disagree with it; if you don't use the downvote in the way that everyone else does, your data damages the results for everyone else.

> You seem to imagine that "spam" is purely a legal definition because there exists an act of congress that seeks to limit it.

No, in fact, I maintain that the CAN-SPAM act does not define "spam" (in fact, I believe it explicitly said it would refuse to define "spam"), and that thereby failure to address the rules of that law (which is how this thread was born) also does not define spam. You thereby cannot claim that things related to that law (or even your personal stretching of that law) define "spammy behavior".

> Do I, or any regular mail user, care that the law allows menus? No, make us jump through hoops and we get mad. Or "gleefully vindictive", if you're feeling fragile.

If you really don't want to receive their mail, you should add them to your kill file. Hell: if you didn't want to receive their mail in the first place, maybe you shouldn't have signed up for it ;P. (Remember: the laws on this matter don't apply to people who are contacting you out of the blue with no prior business relationship. If someone is doing that, they are outside of the scope of this entire conversation, and in fact are probably "spam" no matter how their unsubscribe links are implemented.)

> Gmail has great filters for example, and very rarely do most power users need to trawl through their spam folder for mis-filed messages. For most users, spammy behaviour by "legitimate" senders is much more pressing.

Gmail only has great filters until enough people like you ruin their data set by including things that are not spam into the list of things that are spam.

> For most users, spammy behaviour by "legitimate" senders is much more pressing.

No. This seems to be the position of a rather small minority of people who get really really angry on public forums about how e-mail is implemented. The majority of people you see talk about spam and the problems of spam claim that the issue is that if their e-mail address becomes at all public (such as on a mailing list, where you should expect it to be public), they suddenly start receiving large quantities of e-mail from random senders or even pretending to be their friends, neither of which can be stopped with a kill file (the correct solution if you personally just hate one specific company).

> If people really love your content, one-click unsubscribe is not going to keep them from it. If you put obstacles in the way of unsubscription, if you make it easier for them to mark you as spam (or filter you out, whatever), they will do so.

I don't send e-mail to anyone except for password resets, so you have shifted the argument. I am claiming that as a receiver of mail, I don't want people like you screwing with the spam filter to make totally legitimate mail, mail that even includes unsubscribe links that are in perfect compliance with the laws that many people argued over having, mail that I asked for and wanted to receive and would be sad that I don't, accidentally end up not being sent to me because I forwarded it to my friend Pat, and he accidentally (or purposely) clicked the unsubscribe link: that is a security issue, and should be addressed as one.


You do know that email clients send an email to the email sender that gets recorded, correct? For example if you press Mark as Spam in hotmail. And AOL sent you the email using MailChimp, you will show up as "spam" in MailChimp.

That also gets dinged against the sender and an account can be suspended if it's too high.

TLDR; you're not using it as it was intended.


It improves their behaviour. I have lost count of the number of mailing lists I have had to unsubscribe because I simply used their product, without explicitly asking to be put on the list. That's spam, whether they bought my email, or just took it from some other list that they legitimately had.

MailChimp etc are for messages you explicitly sign up for.


How do you figure?


I think you would be surprised by how many people 1) Have multiple email addresses forward to one inbox and 2) Don't know how to check what address a particular message was sent to.

I regularly see people reply to our messages and ask us to remove an address that we never sent anything to... (and we have a prominent one-click unsubscribe on every message!)


This reminds me of why I am glad I have plain-text mode enabled in Thunderbird. I do not want my emails to be webpages, and I do not want email senders using clever tricks to determine how I see my emails, and how my recipients see them.

This problem is much better solved with an unsubscribe followup email containing a re-subscribe link.


Can you imagine the abuse? You forward a cat video and they see 'Help I'm trapped in a strange city and need money!'?


How does this work?


Read the linked article. Email clients wrap the contents of forwarded messages in a <blockquote>, you just have to use CSS rules to hide the contents of a "blockquote yourfooterclass" while otherwise showing yourfooterclass by default.

EDIT I actually meant "read the article linked from the linked article" — I too spent a good minute there trying to find out their solution.


I read the article, and the only mention of blockquotes was in the CSS / HTML itself. I don't see any mention in the article about how it works.

Still, thanks for the explanation. Does every mail client do this (like, due to an RFC) or just the popular ones?


It varies between mail clients, but they generally put the forwarded part of the message in either a blockquote or a div with a class that can be targeted. It's how the vertical blue line is produced for the quoted portion.


Read here: http://jonathan-kim.com/2011/programmatically-customizing-a-...

Basically most e-mail clients change the dom structure in some way when you forward an email (like wrapping the original in a div). Write some CSS rules that require an unmodified structure to show the unsubscribe button.


Darn, you found me!


I like this one (with a mailto link):

> To unsubscribe, send an empty message to unsubscribe@...

Though it might be difficult to understand for less technically minded users, and might be a problem if you don't know what address the mail was sent to.


What if instead one just focused on lowering the amount of times someone forwards an email containing an unsubscribe link?

Perhaps a "send to a friend" link in the email would help?


But I like my email client (say gmail), I don't want to use someone else's half-baked solution. And especially the highly engaged users would have to copy-and-paste the 85 email addresses they forward to.


Could the site just generate a really long mailto:// url?


You somehow have to tell the site which people to forward to. How do you get the information there?


I was thinking the person would click on the mailto link and it would open up in their default email client. From there they could add the contacts from their contact list.


Oh, yeah, that sounds reasonable.


This link is common in these emails. But as a user it's annoying as all the people I'd forward it to are in my address book.

Plus I don't trust you with these email addresses. I'll send the email on thankyouverymuch.


I'd imagine people that mass forward an advert they receive are much more trusting.


It's sad that only Gmail, and no other email clients, sanitize HTML email to ensure that stuff like this is not possible.


Sane email clients do not display HTML :)


Yes they do. Stop trying to make everyone live in the 90's with you.

