About Automatic and Unwanted Unsubscribe

If one of your subscribers reports an “unwanted opt-out”, you’re not alone. From time to time, a subscriber finds their subscription canceled even though they are pretty sure they didn’t trigger it.

This is usually caused by spam checkers or antivirus software following the unsubscribe link in newsletters. That is why it happens to only some subscribers and not to everyone. It is a generic problem, not limited to the Newsletter plugin.

With the collaboration of a long-time user, who experienced this problem after years of sending newsletters with our plugin, we took the time to investigate that specific case in depth.

We analyzed all the available logs, from the Newsletter plugin’s own logs to the web server’s, and the origins of the subscribers (mostly from big companies).

The results were clear: all cancellations started from IP addresses assigned to Microsoft Azure data centers. Probably all those subscribers (with different domains) were using cloud services to manage their mail and almost surely running antivirus or antispam applications. That kind of software can deeply scan the email content, follow the links it contains, and behave like a real browser.

A deep check of the web server logs revealed that the traffic from those data centers’ IPs was not distinguishable from real traffic, since the User-Agent was set in a way that could not be traced back to a bot. This is, of course, an obvious choice: it keeps scammers from recognizing the scanner and filtering it out.

Moreover, we verified that the bots were not only “following a link”: they also executed the antibot JavaScript and made HTTP POST requests, which ultimately makes them hard to block.

Working at the IP level is a possible solution, but legitimate traffic can also come from data centers, since many companies use proxies for their normal traffic. An IP from Azure does not automatically mean a bot.
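
The log review described above can be scripted. The following is an added example, not code from the Newsletter plugin: it scans web server access log lines for unsubscribe POSTs and marks those coming from data-center ranges for review rather than blocking them. It assumes the Combined Log Format, a hypothetical `/unsubscribe` path, and placeholder CIDR ranges that you would replace with your cloud provider's published ranges.

```python
import ipaddress
import re

# Assumption: RFC 5737 documentation ranges used as placeholders for a cloud
# provider's published data-center ranges. Replace with the real list.
DATACENTER_RANGES = [ipaddress.ip_network(c)
                     for c in ("198.51.100.0/24", "203.0.113.0/25")]

# Assumption: hypothetical unsubscribe endpoint; set it to your site's real URL.
UNSUBSCRIBE_PATH = "/unsubscribe"

# Combined Log Format: ip - - [time] "METHOD path proto" status size "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
198.51.100.23 - - [12/Mar/2024:08:01:10 +0000] "GET /unsubscribe?k=aaa HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
198.51.100.23 - - [12/Mar/2024:08:01:11 +0000] "POST /unsubscribe?k=aaa HTTP/1.1" 200 128 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
192.0.2.77 - - [12/Mar/2024:09:30:02 +0000] "POST /unsubscribe?k=bbb HTTP/1.1" 200 128 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)"
203.0.113.200 - - [12/Mar/2024:10:00:00 +0000] "POST /unsubscribe?k=ccc HTTP/1.1" 200 128 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.5 - - [12/Mar/2024:10:05:00 +0000] "GET /blog/post HTTP/1.1" 200 9000 "-" "Mozilla/5.0 (X11; Linux x86_64)"
not a log line
"""

def in_datacenter(ip_text):
    """True if the address falls inside one of the configured ranges."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in DATACENTER_RANGES)

def review_unsubscribes(log_text):
    """Return (ip, time, verdict) for every POST to the unsubscribe path."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # unparseable line, or not a confirmed cancellation
        if m["path"].split("?", 1)[0] != UNSUBSCRIBE_PATH:
            continue
        # The User-Agent looks like a browser either way, so the source range
        # is the only signal here; it justifies a review, not a block.
        verdict = "review" if in_datacenter(m["ip"]) else "accept"
        findings.append((m["ip"], m["time"], verdict))
    return findings
```

A "review" verdict is a candidate for re-confirmation with the subscriber, since corporate proxies in the same ranges carry legitimate traffic too.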