Unsubscribe

The opt-out process starts with a personal link that each subscriber can find in newsletters.

What's inside

Note: since February 2024, Gmail and Yahoo mail services announced new requirements for senders.
These new requirements for bulk senders (those who send more than 5,000 messages to Gmail or Yahoo addresses in one day) need to be satisfied or it may result in rejecting message delivery to their customers.
Read more on SPF, DKIM, DMARC dedicated page.

To deal with mail scanners triggering unwanted cancellations, please review the unsubscription configuration and if the text are customized and still use the links to “confirm” the unsubscription, revert them to the default ones: you’ll see there is a shortcode now, that generates a button, much harder to follow by bots.

On the profile page configuration, revert to the default text and you’ll see the unsubscription link has been removed and the profile form placeholder is a new shortcode.

The One-Step Unsubscribe (NO MORE AVAILABLE)

This unsubscribe option has been removed to deal with mail scanners.

Do not confuse this configuration with the One-Click Unsubscribe standard (RFC 8058) required by Google, Yahoo, and so on. That standard is already implements by the Newsletter plugin adding special meta data to every newsletter.

With this working mode, clicking on an unsubscribe link produces immediate cancellation. The subscriber sees a goodbye message and no other actions are required.

The one-step version offers less protection against mail scanners and it can lead to unwanted unsubscriptions.

The unsubscribe links produced by the tags {unsubscription_confirm_url} and {unsubscription_url} works the same way when set in one-step mode.

The Two-Step Unsubscribe

With this working mode, clicking on an unsubscribe link brings the subscriber to a confirmation message, where it should click on a link or a button to complete the cancellation.

Then the process proceeds exactly as the one-step version.

The confirmation message that is shown when the two-step unsubscribe is selected

The confirmation message can be customized. Add a link or a button to be clicked to confirm:

  • a button can be inserted with the shortcode [newsletter_unsubscribe_button lable="..." /]
  • do not use this optiona link can be inserted with the editor setting the URL to {unsubscription_confirm_url} (that placeholder will be replaced with the correct URL)

The Resubscribe

You may want to offer to resubscribe if the subscriber canceled by error. The goodbye message is the right place where to put it, adding a link using the URL generated by the {reactivate_url} tag or a button generated by the shortcode [newsletter_resubscribe_button label="..." /].

This link restores the confirmed status and shows the “reactivated” message.

The Goodbye Email

You can optionally send a goodbye email to those who cancel the subscription and on that message, you can use the {reactivate_url} tag to offer the option to step back and reactivate the subscription.

That option is less widely used than in the past probably because those messages could be considered unwanted communication and marked as spam.

The List-Unsubscribe headers

List-Unsubscribe header is a special (hidden) meta information (RFC 2369) added to emails when sent to a list of people, like a newsletter.

That header contains “instructions” to unsubscribe, which can be used by email clients (like Thunderbird, Gmail, Outlook, …) to show an unsubscribe button.

Not all email clients support it and, even if supported, it is not always shown.

Starting by February 2024, major email providers require the presence of those headers. The Newsletter plugin is conformant.

The Special List-Unsubscribe-Post Header

The Newsletter plugin adds even the List-Unsubscribe-Post (RFC 8058) which should prevent unwanted cancellations due to link scan by bot.

Office 365

It was reported that Office 365 SMTP does not allow (or could be configured to now allow) emails containing the List-Unsubscribe header. If you use that service and have delivery problems, you can try to disallow the header.

Cancellation via email request

The List-Unsubscribe header specification supports even an email address. It is a deprecated option by email providers. You can specify that address and email clients can use it to send a cancellation request to that email.

You should process those emails: they cannot be intercepted by the Newsletter plugin.

A bit of story: in the past and they are still used, the distribution lists were managed by special email messages. Sending a message with “subscribe” in the subject and to a special address was used to subscribe to a mailing list. In a similar way, sending a message to the same management address with the subject “unsubscribe” was used to cancel the subscription.

About Automatic and Unwanted Unsubscribe

If you get reported by one of your subscribers about “unwanted opt-out”, you’re not alone. From time to time it happens a subscriber finds his subscription canceled even if he is pretty sure he didn’t trigger it.

That is usually due to spam checkers or antivirus software following the unsubscribe link on newsletters. This is why it happens to only some subscribers and not to everyone. And that is a generic problem, not limited to the Newsletter plugin.

With the collaboration of an old-time user, that experienced this problem after years of newsletters sent with our plugin, we take the time to deeply check that specific case.

We analyzed all the available logs, from the ones of the Newsletter plugin to the ones of the web server, and the origins of the subscribers (mostly from big companies).

The results were clear: all cancellations started from IP addresses assigned to Microsoft Azure data centers. Probably all those subscribers (with different domains) were using cloud services to manage the mail and almost surely running antivirus or antispam applications. Those kinds of software can deeply scan the email content, follow the contained links, and behave like real browsers.

A deep check of the web server logs revealed the traffic from those data centers’ IPs was not distinguishable from real traffic, since the User Agent was set in a way it cannot be reverted to a bot. This is, of course, an obvious choice to avoid being filtered by scammers.

Moreover, we verified the bots were not only “following a link”, but they executed the antibot JavaScript making HTTP POST requests, ultimately making it hard to block them.

Working at the IP level is a possible solution, but traffic can come from data centers since many companies use proxies for their normal traffic, so an IP from Azure does not mean automatically a bot.

Tech note

If you look at the source of a newsletter, you should find something like:

      List-Unsubscribe: <https://www.yoursite.com/?na=ocu&nk=...>

where the “…” is replaced with a unique subscriber token. If the header is not there, probably it is removed by the mail service of your provider.