Unsubscribe Message Obfuscation

curtis

Beginner
Oct 3, 2021
17
0
1
We're experiencing weird behavior with the unsubscribe logic on our Mumara Classic (ESP) instance.
Some of our members are unable to unsubscribe from our newsletters.

We've been tracking the unsubscribe page while capturing all the requests,
we find out that some of the generated IDs are corrupted or obfuscated.

Here's an example..

Our base64 (i.e. the ID passed to the unsubscribe page)
PDVkNmE3YzE0ODc2ZWE2YmIyOTU2NzhlYWVkZmRmMDFkQHp5Z2VkLnViZWZmY2JqZmVmZnlmZGd2YmFmLmRiej4=

Decoded
<[email protected]>

As you can see the domain makes no sense, like it was obfuscated or encrypted,
not all the of them are like that, but a good portion is.

It's a serious problem because along with the domain, the message_id is obfuscated / encrypted as well,
so Mumara unable to find the original message_id to unsubscribe the participant from the list.

If for some reason the ID was changed by the email provider, we would not be able to decode the base64,
which means that the source should be the origin that generated the base64 i.e. Mumara.

Any thoughts?
 

wasif

Administrator
Staff member
Apr 9, 2019
576
112
43
If the message-id is being overwritten by the email provider, it does make sense that you received this message-id in the email. But it doesn't make sense that the message-id can be overwritten in the unsubscribe link. Message-id is generated from the tracking links which means that [email protected] is set as a tracking domain. I would suggest finding this domain in your esp_masking_domains table.