Unsubscribe

The opt-out process starts with a personal link that each subscriber can find in newsletters.

What's inside

Note: since February 2024, Gmail and Yahoo mail services announced new requirements for senders.
These new requirements for bulk senders (those who send more than 5,000 messages to Gmail or Yahoo addresses in one day) need to be satisfied or it may result in rejecting message delivery to their customers.
Read more on SPF, DKIM, DMARC dedicated page.

The One-Click Unsubscribe standard (RFC 8058) required by Google, Yahoo, and so on is already implemented by the Newsletter plugin via special meta data added to every newsletter.

How It Does Not Work

We do not support an unsubscribe form to be published on your site. The unsubscribe process always starts from a newsletter with a special link. See more below.

How It Works

On every newsletter sent you should include the unsubscribe link. This link can be genetared by our Footer block or by creating a link using a special tag as URL: {unsubscription_url}.

This tag is replaced with a custom URL (for each subscriber) when sending the newsletter (or any message created by the Newsletter plugin).

When the subscriber clicks the link, a message is shown asking for confirmation. This message must contains the unsubscribe confirm button, generated by the shortcode [newsletter_unsubscribe_button label="..." /].

The default configuration of the Newsletter plugin has everything already in place.

You can anyway configure the message changing it on Newsletter/Subscribers/Unsubscription page.

Old installations may present a custom message with a link to confirm instead of the button: please revert the message to the default one and the custiomise it once again, using only the button.

The Resubscribe

You may want to offer to resubscribe if the subscriber canceled by error. The goodbye message is the right place where to put it, adding a button with the shortcode [newsletter_resubscribe_button label="..." /].

This link restores the confirmed status and shows the “reactivated” message.

The Goodbye Email

You can optionally send a goodbye email to those who cancel the subscription and on that message, you can use the {reactivate_url} tag to offer the option to step back and reactivate the subscription.

That option is no more recommended because those messages could be considered unwanted communication and marked as spam.

The List-Unsubscribe headers

List-Unsubscribe header is a special (hidden) meta information (RFC 2369) added to emails when sent to a list of people, like a newsletter.

That header contains “instructions” to unsubscribe, which can be used by email clients (like Thunderbird, Gmail, Outlook, …) to show an unsubscribe button.

Not all email clients support it and, even if supported, it is not always shown.

Starting by February 2024, major email providers require the presence of those headers. The Newsletter plugin is conformant.

The Special List-Unsubscribe-Post Header

The Newsletter plugin adds even the List-Unsubscribe-Post (RFC 8058) which should prevent unwanted cancellations due to link scan by bot.

Office 365

It was reported that Office 365 SMTP does not allow (or could be configured to now allow) emails containing the List-Unsubscribe header. If you use that service and have delivery problems, you can try to disallow the header.

Cancellation via email request

The List-Unsubscribe header specification supports even an email address. It is a deprecated option by email providers. You can specify that address and email clients can use it to send a cancellation request to that email.

You should process those emails: they cannot be intercepted by the Newsletter plugin.

A bit of story: in the past and they are still used, the distribution lists were managed by special email messages. Sending a message with “subscribe” in the subject and to a special address was used to subscribe to a mailing list. In a similar way, sending a message to the same management address with the subject “unsubscribe” was used to cancel the subscription.

About Automatic and Unwanted Unsubscribe

To deal with mail scanners triggering unwanted cancellations, please review the unsubscription configuration: if the texts are customized and the link to “confirm” the unsubscription is still present, it means you’re using an older version of this tool. Revert them to the default ones: you’ll see there is a shortcode now. That will generate a button, which is much harder to follow by bots.

Likewise, on the profile page configuration, revert to the default text. The unsubscription link has been removed and the profile form placeholder is now a shortcode as well.

If you get reported by one of your subscribers about “unwanted opt-out”, you’re not alone. From time to time it happens that a subscriber finds his subscription canceled even if he is 100% sure he didn’t trigger it.

That is usually due to spam checkers or antivirus software following the unsubscribe link on newsletters. This also explains why it happens to some subscribers only and not to everyone. Unfortunately, this is a general problem not limited to the Newsletter plugin.

With the collaboration of an old-time user, who experienced this problem after years of newsletters sent with our plugin, we took the time to deeply check that specific case.

We analyzed all the available logs, from those of Newsletter to the ones of the web server, and the origins of the subscribers (mostly from big companies).

The results were clear: all cancellations started from IP addresses assigned to Microsoft Azure data centers. Probably all those subscribers (with different domains) were using cloud services to manage the mail and almost surely running antivirus or antispam applications. Those kinds of software can deeply scan the email content, follow the contained links, and behave like real browsers.

A deep check of the web server logs revealed that the traffic from those data centers’ IPs was not distinguishable from real traffic, since the User Agent was set in a way it cannot be detected as a bot. This is, of course, an obvious choice to avoid being filtered by scammers.

Moreover, we verified that the bots were not only “following a link”, but they executed the antibot JavaScript making HTTP POST requests, ultimately making it harder to block them.

Working at the IP level is a possible solution, but traffic can come from data centers as well, since many companies use proxies for their normal traffic, so an IP from Azure does not mean automatically a bot.

Tech note

If you look at the source of a newsletter, you should find something like:

      List-Unsubscribe: <https://www.yoursite.com/?na=ocu&nk=...>

where the “…” is replaced with a unique subscriber token. If the header is not there, probably it has been removed by the mail service of your provider.