Unsubscribe Flow with Unique Identifier | Community
Skip to main content
Alexandr_Odnobo
Alexandr_Odnobo
New Participant
May 24, 2021
Question

Unsubscribe Flow with Unique Identifier

  • May 24, 2021
  • 2 replies
  • 4011 views

Hello All,

At the moment we're having Marketo forms on website, allowing a "Newsletter Subscription", and also contacts can visit Marketo Landing Page(LP) to complete the Unsubscribe Form to unsubscribe from these emails. The Unsubscribe form consists of "email address" field, and "Unsubscribe" marketo fiend which is hidden, type Boolean, just to be true or false. This triggers the campaign and contact Unsubscribes.

The problem is: anybody can unsubscribe anybody, just adding any email in that field, so we want to make a "Confirmation email", which should contain a button with a link to "Thank you" page, confirming that contact unsubscribed, so the campaign should run after this, which is not hard to implement.

The second problem is: this can be easily hacked, so, what security asked us to do, is generating some kind of Unique Identifier, to have it added to that "confirmation email", and after clicking the link, to also go to that "Thank you" page so we knew that this button was clicked by exactly that contact.

 

Questions:

  • Could you please provide me an idea how the Unique Identifier can be set and generated in Marketo? Contact ID is not a good solution because it has only Numbers there.
  • How can this be implemented in Email?
  • If you have better ideas for setting up this flow- please share your thoughts, but please in details, because i'm not quite a professional in Marketo

If there is a possibility having a call- i'm available at 9am-6pm GMT + 2 time, or just let me know when it's comfortable for you, i'm flexible. Think the call would help better, screen sharing session is very informative usually.

 

Thank you.

 

Regards,

Alexandr

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

2 replies

Jay_Jiang
Jay_Jiang
New Participant
May 25, 2021

Not exactly answering your question but what I do is make my unsubscribe page only accessible by cookied browsers i.e. click through from email

 

Create a segment for Known leads only where email address is not empty.

Use that for dynamic content in your unsubscribe landing page

For the default segment, add javascript to stop loading (and optionally destroy any loaded DOMs) and redirect to the home page

For the known segment, load your form as per normal

    SanfordWhiteman
    SanfordWhiteman
    New Participant
    May 25, 2021

    Know you know this, Jay, but for the lurkers — that wouldn't stop someone from submitting a form as someone else. They'd have to know the form ID, but they could get that by signing up themselves.

     

    (I was working on a PDF vulnerability recently for a bank, and the vuln depended on a hacker signing up for an account and thus knowing the format of a boilerplate PDF they could use to attack others. Once you start thinking like an attacker, you see things you wish you didn't.😐)

    Jay_Jiang
    Jay_Jiang
    New Participant
    May 25, 2021

    yes, certainly. @ OP for a complex use case I wouldn't solution it using Marketo but rather get a CDP involved to control the identity and protect what data goes into the database

    Michael_Florin-2
    Michael_Florin-2
    New Participant
    May 24, 2021

    I probably don't have an answer to your specific problem, but let me add some thoughts anyway.

     

    1. Yes, true. Anybody can unsubscribe anybody. But I've never experienced that to be real-world problem. It totally can happen, but it doesn't.

    2. I find a confirmation email to confirm an unsubscribe request dubious. People don't want your emails, including this confirmation. And in addition: How can that be so easily be hacked? You need access to that email address' inbox to confirm the unsubscription, don't you? It's a common procedure for opt-ins, why shouldn't it work for opt-outs as well?

    3. A solid unique ID in Marketo is the Marketo ID. {{lead.Id}}

    Alexandr_Odnobo
    Alexandr_OdnoboAuthor
    New Participant
    May 24, 2021

    Hello Michael,

    Thank you for sharing your thoughts.

    1. Our BA has some experience in Security, and he told that all these actions can be reproduced, not easily of course, but it's possible, and Generating a Unique Identifier for every contact could do the job. I'm just curious if there is something like that in Marketo.

    2.For newsletter subscription we're also thinking to change thing in this direction.

    3. Like i said, Marketo ID is not good because it's numbers only.

    SanfordWhiteman
    SanfordWhiteman
    New Participant
    May 24, 2021
    3. Like i said, Marketo ID is not good because it's numbers only.

    This statement doesn't make sense. The uniqueness of an identifier has nothing to do with it being numeric or alphanumeric. An auto-incrementing integer column in a database is unique by definition.

     

    Nevertheless there is another field in Marketo, Marketo Unique Code, which happens to use uppercase letters and numbers 0-9.

     

    But the fact that it appears as an alphanumeric string doesn't itself make it more or less unique. A Base36 representation of an integer — like a flight confirmation code KF12OI is alphanumeric, after all. But they're exactly the same value (1234567890 = KF12OI).

    Terms & ConditionsAccessibility statement

    Loading footer...