1

Are there any risks with an "unsubscribe" link in e-mails that never expires?

The e-mails are sent to customers. The token used to unsubscribe the customer will include a customer ID encoded using JSON Web Tokens (JWT).

Thanks

Sjoerd
iSmack
  • "*In emails*"? Are you really asking about a link that would be included in every email sent to a mailing list? What would be the rationale to make it expire? It would only mean users would have to wait for another email or use a different means to unsubscribe. – techraf Jun 10 '16 at 03:31
  • Related: http://security.stackexchange.com/questions/115964/email-unsubscribe-handling-security – rink.attendant.6 Jun 10 '16 at 03:54
  • The only reason I can imagine is resource related. If every link is customized then a database has to map these links onto the user account that is allowed to unsubscribe via the link. Btw, this is not session-management related? – Silver Jun 10 '16 at 10:25

1 Answer

2

I cannot see any real disadvantage for your users. The worst that could happen to them would be to have to resubscribe.

Note that with the current efforts put into anti-SPAM regulations and controls, everyone with a mailing list should be extremely careful to properly maintain it. You would certainly much prefer to have someone opt out than have them report your message as SPAM.

Julie Pelletier
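The token the question describes, as an added example that is not part of the original question or answer: a JWT carrying the customer ID with no `exp` claim, verified so that it can only be used to unsubscribe. The `purpose` claim, the choice of HS256, the demo key and all function names are assumptions.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key (assumption); a real deployment loads it from a secret store.
SECRET = b"constructed-demo-key"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(header: dict, claims: dict, key: bytes = SECRET) -> str:
    """Serialize header and claims as a compact JWT signed with HMAC-SHA256."""
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, claims)]
    mac = hmac.new(key, ".".join(parts).encode(), hashlib.sha256).digest()
    return ".".join(parts + [b64url(mac)])

def make_unsubscribe_token(customer_id: int, key: bytes = SECRET) -> str:
    # No "exp" claim: the link never expires. "purpose" is a hypothetical
    # claim that limits the token to the unsubscribe endpoint.
    return sign({"alg": "HS256", "typ": "JWT"},
                {"sub": str(customer_id), "purpose": "unsubscribe"}, key)

def verify_unsubscribe_token(token: str, key: bytes = SECRET):
    """Return the customer ID, or None if malformed, forged or out of scope."""
    try:
        head, body, sig = token.split(".")
        # Pin the algorithm server-side; a header claiming "none" is rejected.
        if json.loads(unb64url(head)).get("alg") != "HS256":
            return None
        expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, unb64url(sig)):
            return None
        claims = json.loads(unb64url(body))
        if claims.get("purpose") != "unsubscribe":
            return None
        return int(claims["sub"])
    except (ValueError, TypeError, KeyError, AttributeError):
        return None
```

Because the token carries no expiry, the signing key is the only thing that can invalidate old links, so rotating it invalidates every link already sent.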