Page MenuHomePhabricator
Create Task
Maniphest T354231

One click unsubscribe - by Feb!
Closed, ResolvedPublic
Actions

Description

Google has announced that
"Starting in 2024, we’ll require bulk senders to authenticate their emails, allow for easy unsubscription and stay under a reported spam threshold. "

New requirements for bulk senders

By February 2024, Gmail will start to require that bulk senders:

  • Authenticate their email: You shouldn’t need to worry about the intricacies of email security standards, but you should be able to confidently rely on an email’s source. So we're requiring those who send significant volumes to strongly authenticate their emails following well-established best practices. Ultimately, this will close loopholes exploited by attackers that threaten everyone who uses email.
  • Enable easy unsubscription: You shouldn’t have to jump through hoops to stop receiving unwanted messages from a particular email sender. It should take one click. So we’re requiring that large senders give Gmail recipients the ability to unsubscribe from commercial email in one click, and that they process unsubscription requests within two days. We’ve built these requirements on open standards so that once senders implement them, everyone who uses email benefits.
  • Ensure they’re sending wanted email: Nobody likes spam, and Gmail already includes many tools that keep unwanted messages out of your inbox. To add yet another protection, moving forward, we’ll enforce a clear spam rate threshold that senders must stay under to ensure Gmail recipients aren’t bombard ed with unwanted messages. This is an industry first, and as a result, you should see even less spam in your inbox.

Evaluation of how this affects us

Of the 3 top level items 2 are in the fr-ops realm and I believe that we are covered - ie
https://support.google.com/mail/answer/81126#requirements-5k - We just need @Dwisehaupt
/ @Jgreen to confirm there are no items on there that we are missing / whether there are any
additional tasks around the spam rates

The last item is the one-click unsubscribe. This requires us to have both of these headers in affected emails

List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <https://solarmora.com/unsubscribe/example>

In order to implement this we need to

  1. create a page that responds to a GET or POST url on one-click. There is no need to render content

if we are only going to use it in the header.

  1. determine which emails need to have one-click unsubscribes
  2. add the header to suitable emails

These are the types of emails we send

  • Bulk mailings via Acoustic - high volume
  • Donation related automated emails (ThankYou, FailureRetry etc) - high volume
  • Ad hoc emails via the UI (we permit up to 2000 per send now)
  • CiviMail (not currently used but intended to replace Ad hoc emails in our usage)

Which emails need one-click-unsubscribe
The Acoustic emails are handled by them (and have the link) and we consideration of the CiviMail & ad hoc is probably a follow up.

The more significant question is the thank you emails. We currently do attach a List-unsubscribe header to our
thank you emails - based on the function build_unsub_link - however, this is not 1-click and there is no POST action.

Google specifies that
"Marketing messages and subscribed messages must support one-click unsubscribe, and include a clearly visible unsubscribe link in the message body. "

This would seem to exclude our thank emails - but do we trust Google to discern the difference. Presumably past-us did not & hence we already have a header & a unsubscribe link - which would make the case for updating what is there. Although on the call we were not sure if we need to it's hard to argue the downside.

Our existing in-text url is the same it seems as the list header one - if that worked with 1 click via GET or POST then that would be an acceptable solution - we could add a 1-click to the url if want to differentiate but I see other providers seem to work off one-click & then offer more options off the back of that

The existing link is (like) https://payments.wikimedia.org/index.php/Special:FundraiserUnsubscribe?p=thankyou&e=barb%40testing.net&h=62591b4adc55494ebdeb8493f853dc21eaaa52f2&uselang=

Links
https://lab.civicrm.org/dev/core/-/issues/4641
https://support.google.com/mail/answer/81126
https://support.google.com/mail/answer/81126#requirements-5k

Related Objects
Search...

Event Timeline

Eileenmcnaughton created this task.Jan 3 2024, 12:25 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 3 2024, 12:25 AM
Eileenmcnaughton updated the task description. (Show Details)Jan 3 2024, 12:27 AM
Eileenmcnaughton mentioned this in T143035: Spike: unsubscribe might have to be a mailto now, rather than an https link.Jan 3 2024, 12:31 AM
Eileenmcnaughton updated the task description. (Show Details)
Eileenmcnaughton triaged this task as High priority.Jan 3 2024, 12:33 AM
XenoRyet added a project: Fundraising Sprint - Yesterday (UTC).Jan 8 2024, 9:10 PM
AKanji-WMF moved this task from Triage to Current Sprint on the Fundraising-Backlog board.Jan 8 2024, 9:28 PM
Eileenmcnaughton updated the task description. (Show Details)Jan 8 2024, 10:44 PM
Eileenmcnaughton added subscribers: Dwisehaupt, Jgreen.
Eileenmcnaughton updated the task description. (Show Details)Jan 8 2024, 10:52 PM
AKanji-WMF edited projects, added Fundraising Spring - anybodyKnowWhatThisDoes(); removed Fundraising Sprint - Yesterday (UTC).Jan 17 2024, 3:51 AM
AKanji-WMF edited projects, added Fundraising Sprint: brb(); removed Fundraising Spring - anybodyKnowWhatThisDoes().Jan 30 2024, 9:10 PM
AKanji-WMF moved this task from Backlog to Blocked in sprint (not fr-tech) on the Fundraising Sprint: brb() board.Feb 5 2024, 8:41 PM
AKanji-WMF added subscribers: DBu-WMF, AKanji-WMF.

Moving to blocked until we hear back from legal via @DBu-WMF .

XenoRyet closed subtask T354584: FR-ops - review google update as Resolved.Feb 12 2024, 8:27 PM
AKanji-WMF edited projects, added Fundraising Sprint: canOfWorms(🪱); removed Fundraising Sprint: brb().Feb 13 2024, 9:23 PM
AnnWF moved this task from Backlog to Blocked in sprint (not fr-tech) on the Fundraising Sprint: canOfWorms(🪱) board.Feb 26 2024, 10:44 AM
AKanji-WMF edited projects, added Fundraising Sprint: didAnyoneTryThis(); removed Fundraising Sprint: canOfWorms(🪱).Feb 29 2024, 5:44 PM
AnnWF subscribed.Feb 29 2024, 7:29 PM

@AKanji-WMF As discussed, I think we can close this ticket :)

AKanji-WMF closed this task as Resolved.Feb 29 2024, 8:42 PM
AKanji-WMF claimed this task.

Thank you @AnnWF - closing as per the write-up in this comment: https://phabricator.wikimedia.org/T354586#9578983

AKanji-WMF mentioned this in T358878: Enable 90 day snooze: Comms Preferences Centre update.Mar 1 2024, 4:35 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits