Jump to content

[Bug] Unsubscribe links are all broken


HeadStand
 Share

Recommended Posts

Clicking on an unsubscribe link redirects the user to the homepage and does not unsubscribe.

This took me FOREVER to figure out, especially because the client who reported it was using SendGrid, which of course rewrites all the links. Until I got access to that and managed to see what was happening...

There is a conflict when IPS email tracking is enabled. Consider this unsubscribe link that is included in a bulk mail:

https://site.com/index.php?app=core&module=system&controller=redirect&url=https://site.com/unsubscribe/?email=esther@headstandconsulting.com%26key=1cd2e20f285199a4351e4037aa7c19b1&key=e6509624eb4aeb5a4a3e8c7e19497d69628204292b4a26d21ac49db305915cc3&email=1&type=bulk_mail&utm_source=connect&utm_medium=email&utm_campaign=website

Note that there are 2 query parameters for both "email" and "key".

\IPS\Email::_parseElementForClickTracking

$url = \IPS\Http\Url::internal( "app=core&module=system&controller=redirect", 'front' )->setQueryString( array(
				'url'		=> (string) $element->getAttribute('href'),
				'resource'	=> ( \IPS\Request::i()->resource ) ? 1 : NULL,
				'key'		=> hash_hmac( "sha256", (string) $element->getAttribute('href'), \IPS\Settings::i()->site_secret_key . 'r' ),
				'email'		=> 1,
				'type'		=> $templateKey
			) );

Adding the HTML click tracking sets the "email" query parameter to 1 and the "key" to a hash related to the link. These parameters are added to the unsubscribe link after  the unsubscribe link is built. The unsubscribe link itself contains an "email" query parameter (which is set to the recipient's email), as well as a "key" query parameter (which is a hash of the user's email and pass_hash). 

I would suggest that the click tracking piece be reviewed to avoid the duplicate parameters.

I imagine that this may be the root cause of other unsubscribe issues that have been reported in this forum.

Thanks.

 

Link to comment
Share on other sites

20 hours ago, HeadStand said:

Clicking on an unsubscribe link redirects the user to the homepage and does not unsubscribe.

This took me FOREVER to figure out, especially because the client who reported it was using SendGrid, which of course rewrites all the links. Until I got access to that and managed to see what was happening...

There is a conflict when IPS email tracking is enabled. Consider this unsubscribe link that is included in a bulk mail:

https://site.com/index.php?app=core&module=system&controller=redirect&url=https://site.com/unsubscribe/?email=esther@headstandconsulting.com%26key=1cd2e20f285199a4351e4037aa7c19b1&key=e6509624eb4aeb5a4a3e8c7e19497d69628204292b4a26d21ac49db305915cc3&email=1&type=bulk_mail&utm_source=connect&utm_medium=email&utm_campaign=website

Note that there are 2 query parameters for both "email" and "key".

\IPS\Email::_parseElementForClickTracking

$url = \IPS\Http\Url::internal( "app=core&module=system&controller=redirect", 'front' )->setQueryString( array(
				'url'		=> (string) $element->getAttribute('href'),
				'resource'	=> ( \IPS\Request::i()->resource ) ? 1 : NULL,
				'key'		=> hash_hmac( "sha256", (string) $element->getAttribute('href'), \IPS\Settings::i()->site_secret_key . 'r' ),
				'email'		=> 1,
				'type'		=> $templateKey
			) );

Adding the HTML click tracking sets the "email" query parameter to 1 and the "key" to a hash related to the link. These parameters are added to the unsubscribe link after  the unsubscribe link is built. The unsubscribe link itself contains an "email" query parameter (which is set to the recipient's email), as well as a "key" query parameter (which is a hash of the user's email and pass_hash). 

I would suggest that the click tracking piece be reviewed to avoid the duplicate parameters.

I imagine that this may be the root cause of other unsubscribe issues that have been reported in this forum.

Thanks.

 

I can't reproduce this.

The tracking URL results in a link which contains the encoded URL with the email and key parameter , so the email and key parameters which are added by the tracking code don't conflict with the one in the url parameter.

CleanShot 2022-01-14 at 14.45.17@2x.png

 

And I can also confirm that the unsubscribe link in the bulk email with enabled email tracking works correct and that I was redirected to the proper target once my clicks as logged.

Have you tried to debug the target URL inside the redirect controller? 

Link to comment
Share on other sites

3 hours ago, Daniel F said:

Have you tried to debug the target URL inside the redirect controller? 

Yes, I can see where I'm directed to when I click the unsubscribe link.

Perhaps it's a conflict with Sendgrid itself? The way that Sendgrid rewrites the URLs? I would bet that sendgrid just decodes the URL in full.....

Link to comment
Share on other sites

31 minutes ago, HeadStand said:

Yes, I can see where I'm directed to when I click the unsubscribe link.

Perhaps it's a conflict with Sendgrid itself? The way that Sendgrid rewrites the URLs? I would bet that sendgrid just decodes the URL in full.....

SendGrid's URL decryption has caused some issues in the past so I would not be surprised. Of course, can confirm this by doing some tests with another SMTP provider.

Link to comment
Share on other sites

52 minutes ago, Jim M said:

SendGrid's URL decryption has caused some issues in the past so I would not be surprised. Of course, can confirm this by doing some tests with another SMTP provider.

Sendgrid is not the only platform that rewrites URLs. Most of these platforms do. I realize that IPS doesn't support other email services out of the box, but there are plenty of services that will rewrite the URLs even if you send the email through their SMTP.

Link to comment
Share on other sites

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...