@ericjsilva
Last active August 29, 2015 14:15
Unsubscribe Email Design

You can encode a URL like so:

http://yourserver.com/unsubscribe/<encoded-email>/<signature>

Where <signature> is something like hash_hmac('sha256', $email, $secret_key). The <encoded-email> can just be a URL-encoding of the email, or it can be an actually encrypted (AES+CBC+Base64 or similar) version of the email. Using full encryption would seem to be of little use, though, since the person receiving the link already has their own email address.

This signature scheme has the advantage of not needing any database storage, while remaining secure against malicious attempts to unsubscribe someone.

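<?php
$email = 'john.smith@example.com';
// URL-safe Base64 so the encoded email cannot contain '/', '+' or '='
$encoded_email = rtrim(strtr(base64_encode($email), '+/', '-_'), '=');
// Placeholder key; use a long random secret kept on the server
$secret_key = 'supersecret123';
// HMAC-SHA256 over the raw email address, keyed with the server secret
$signature = hash_hmac('sha256', $email, $secret_key);
// http://yourserver.com/unsubscribe/<encoded-email>/<signature>
echo "http://yourserver.com/unsubscribe/$encoded_email/$signature";
?>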
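
The receiving side of this scheme, as an added example that is not part of the original gist: it decodes the email from the path, recomputes the HMAC and compares it with hash_equals. The function names, the URL-safe Base64 helper and the sample addresses are assumptions made for illustration.

```php
<?php
// Added example (not from the gist); names and sample values are assumptions.
const SECRET_KEY = 'supersecret123'; // placeholder; load a long random key from config

function b64url_encode(string $data): string
{
    return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}

function make_unsubscribe_url(string $email): string
{
    $sig = hash_hmac('sha256', $email, SECRET_KEY);
    return 'http://yourserver.com/unsubscribe/' . b64url_encode($email) . '/' . $sig;
}

// Returns the email address when the link is authentic, null otherwise.
function verify_unsubscribe_path(string $path): ?string
{
    // Expect /unsubscribe/<base64url email>/<64 lowercase hex chars>
    if (!preg_match('#^/unsubscribe/([A-Za-z0-9_-]+)/([0-9a-f]{64})$#D', $path, $m)) {
        return null;
    }
    // Undo the URL-safe alphabet and restore padding before strict decoding
    $b64 = strtr($m[1], '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);
    $email = base64_decode($b64, true);
    if ($email === false) {
        return null;
    }
    // Recompute the HMAC over the decoded email; hash_equals compares in constant time
    $expected = hash_hmac('sha256', $email, SECRET_KEY);
    return hash_equals($expected, $m[2]) ? $email : null;
}

// Constructed sample: a genuine link, then the same signature reused for another address
$path = parse_url(make_unsubscribe_url('john.smith@example.com'), PHP_URL_PATH);
var_dump(verify_unsubscribe_path($path));

$forged = '/unsubscribe/' . b64url_encode('jane.doe@example.com') . '/' . basename($path);
var_dump(verify_unsubscribe_path($forged));
```

A link whose email segment is swapped while the signature is kept fails verification, because the HMAC covers the email itself.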