Automated "Remove Me" link

My company sends out a few opt-in newsletters every week. Currently, requests to be removed from the list are processed manually. I am designing an automated removal system to take some burden off our staff, and to make it more reliable and timely.

The method I decided upon was to embed a personalized link into each copy of a newsletter, containing a get variable corresponding to their email address (http://www.domain.com/removals.nsf/removalform?open&address=anon%40unknown.com). The emails are already composed in lotusscript, so this isn’t difficult. However I want to prevent potential abuse, by encoding the email address in such a way as to make it difficult for a malicious individual to send a large number of unsubscribe requests for people other than himself.

I was thinking originally of using the @Password command to hash the address, but I would then have to do a lookup of the hashed value against all existing email addresses. This doesn’t seem efficient, or particularly reliable. I think it would be faster and more reliable if I could decode the coded email address directly. Can anyone suggest to me a method for accomplishing this?

Subject: Automated “Remove Me” link

Why can’t you use an @Password hash? Just set the column formula in the view to

@Password(EmailAddress)

The lookup would be “instantaneous”

Subject: RE: Automated “Remove Me” link

Well, each of our newsletters sends from a different contact database, and one combines a contact database with a few email groups. It would be complicated to manage where to do the lookup. And in the case of the email groups, slow. Also, if a person had been removed from our database (unsubscribed or deleted manually) and then they tried to unsubscribe again, I could not determine the email address. Thats not a big problem, but the message it displays to them should probably say what specific email address was not found in our database.

Subject: RE: Automated “Remove Me” link

First of all, I only just now noticed that you were trying to do something that will probably not work - I trust Ben on this one

See: http://www-10.lotus.com/ldd/nd6forum.nsf/ShowMyTopicsAllFlatweb/6bfec02fc53628dd8525738c005fe34f?OpenDocument

However, you can probably achieve something similar by using a mailto URL to request removal and have a mail-in database collect the removal requests.

You can construct the remove me link like so:

“mailto://remove@domain.com&Subject=contactdb=” + @Password(@Subset(@DbName; -1)) + “&address=” + @Password(SendTo)

assuming that @DBName comes from the current contact database and that SendTo contains a single e-mail address of the user that will receive the mail and potentially respond with a removal request.

Then, you can have an agent processing the mail as it comes in and examining the Subject line, pulling out the resulting parameters.

Alternatively, you can have an agent called RemoveMe (make sure no other design elements are named “RemoveMe” so that you don’t have to explicitly call ?OpenAgent) and construct the URL in a similar manner:

“http://www.domain.com/removals.nsf/RemoveMe&contactdb=” + @Password(@Subset(@DbName; -1)) + “&address=” + @Password(SendTo)

The downside of this is that you have to allow anonymous access to run the agent - not sure if that is an option (I assume not).

In any case, you should be able to create a view in whatever database is used to process the request (either the mail-in database or removals.nsf) that contains a series of config documents with the various databases that are used to send mail out and whose lookup column contains the formula

@Password(DatabasePath)

The contact database that is located in the path defined by DatabasePath would in turn, have its own lookup view that hashes the user’s e-mail address

@Password(EmailAddress)

The processing should be straightforward from then on.

Subject: RE: Automated “Remove Me” link

I appreciate your help and advice. I have read over the thread that you referred me to, but don’t see how it applies. As I understand, Ben was trying to compose the form with an other default Subject field passed by the URL, without makig any change to the target form. I have full control over the forms and agents involved here, so its no problem to pass the encoded email variable through the url.

I could do it a number of ways, the way I originally intended was to have a form (with a @URLQueryString(“address”) computed field) at the link destination with a webqueryopen agent to perform the decoding of the email address, and do the confirmation/removal work. I had considered using an agent as well, as you suggested, but decided that there was no need to compose the webpages through an agent when a form would work.

In your final suggestion, I would still have a problem with the newsletter that uses a set of mail groups. I would have to scan through that list and perform all the hashes on a schedule I suppose and cache the results for the lookup. It just seems a lot of pain could be avoided if I could just decode the email address variable with a secret key or something similar.

Subject: RE: Automated “Remove Me” link

The way I see it is that you can either hash/encrypt ahead of time (before constructing your e-mail) in which case @Password is probably just as good as any home-grown method, or you can do it on the client when the link is opened. But doing it on the client will necessarily expose the encryption method in the JavaScript code and might defeat your plan to not allow people tio unsubscribe.

So, since you do have access to the form design and can parse the Query String when the form opens, you can still construct the link using @Password

“http://www.domain.com/removals.nsf/removalform?open&contactdb=” + @Password(@Subset(@DbName; -1)) + “&address=” + @Password(SendTo)

Alos, for your issue with mail groups, as long as you have the mail addresses that each group uses in one multi-value text field, you can “explode” this field in a sorted column to make your lookups work. Then, each contact database would need to have two views (one selecting individuals and the other selecting groups) or you can actually combine them into one view with the following selection formula:

Select Form = “Individual”:“Group”

and the following formula in the first column:

@If(

Form = “Individual”;

@Password(EmailAddress);

@Password(EmailAddresses)

)

and just make sure that you show multiple values as separate entries.

Subject: RE: Automated “Remove Me” link

Ah, that is an interesting idea. I hadn’t thought about putting the groups into a lookup view like that. Thanks for all your help, I will pursue that.