Open nollm opened 5 months ago
Gregor-Agnes
commented
5 months ago First thought: maybe better to use the unsubsribe link in the newsletter only. And deactivate the unsubscribe link and form?
I am not sure if I got the problem right: Could you explain, what exactly happened?
nollm
commented
5 months ago Our customer has two pages. One to subscribe and one to unsubscribe. Probably someone has created a subscription but has not confirmed it. Then a bot spamed the unsubscribe form with this unconfirmed email. If the email exists you can unsubscribe as often as you like and an email will be sent each time. For that problem I think hCaptcha should be used in ShowUnsubscribe.html in the same way as in ShowSubscribe.html.
Gregor-Agnes
commented
5 months ago Ok, I think I understand. I am quite busy and cannot implement that featur ATM. In the meantime, I appreciate, if you would create the enhancement and the according pull request.
Anyway: thx for reporting!
Is it possible to implement hCaptcha as option in the Newsletter Unsubscribe form too? We had the situation that a bot created an unconfirmed tt_address entry and then send 300 times an unsubscribe mail.