Ability to remove new "Unsubscribe" link from mail notifications

Publishing help General
10

I think the possible solutions then would be:

  1. For whoever to click the link, have to key in the email address in a form again (PLEASE DO NOT AUTOFILL) before confirming un-subscription, followed by an un-subscription notification to that email address should the un-subscription be accidental (or initiated by someone who knows the original recipent’s email address).

    I personally tested your current implementation by copying the link and pasting into an incognito window, to test what would happen if someone I replied to decides to click on that button.

    PLEASE DO NOT AUTOFILL!!!

    • My email address appeared in that unsubscription form, making it VERY EASY for somebody to just click that button and remove myself.

    PLEASE SEND CONFIRMATION EMAIL!!!

    • I did not receive any indication that my email address was removed from the form settings, which will lead to missed notifications in the future

  2. Have unsubscribing user login to the account to verify un-subscription. This won’t work currently as the email field is unverified and you can insert anybody’s email address and they won’t have access to your account.

  3. Another simpler way would be to only select verified/confirmed email addresses in the form settings - this way we can remove the link in the email as now we are unable to insert anybody’s account to receive those email notifications

Yup, this message is not needed, as clients (or random strangers if you insert random emails) most likely do not have access to a site in your dashboard (#2)

I strongly recommend the addition of this Insecure Link be removed immediately until a proper solution is implemented:

Another simpler way would be to only select verified/confirmed email addresses in the form settings

due to the following reasons:

as this can mess up everybody’s form notifications if they are unaware of this new change and unknowingly forward the email to a third-party or reply to the “reply-to” sender.

Which is more important?

Us/Clients continue to receive form submission email notifications (leads/feedback/complaints/etc.), that may cause lost revenue and PR damage/lawsuits if not received in a timely manner, or

perhaps maybe allowing unauthorised third-parties to unsubscribe ourselves?

In the meantime…

If you have recently forwarded, replied-to, or even have Zapier or auto-forwarding connected to the form in your project, you have to constantly monitor that the Notification Email Address is not removed/modified, for each project.

Disclaimer: I am not a staff of Webflow, and the opinions expressed above are my own and do not necessarily represent the views of the Webflow team. I disclaim all and any responsibility or liability in respect of information detailed or omitted (or the consequences thereof) from this post.

4 Likes