🦋 When visitor / customer change optin from no to yes, send a message to user with a link to cancel optin

[Tirodem]

...or any way to avoid a person A to subscribe to newsletter for a person B without any verification

[coyotte508]

what we can do is add an unsubscribe link to emails & make sure that if there's an unsubscribe, to never send emails to that user again

[Tirodem]

As optins are dedicated to emails outside beBOP notifications (that are to be allowed), and as mailing will be managed outside beBOP (mailchimp or whatever ***** mailing tool the owners will use for commercial use), target here is to act on optin values fresh & true for users personalInfo extract, when there will be.
It's not about stopping email sending from beBOP, but to allow them to confirm / infirm their decision on subscription, and display it on reporting.
(I hope it's clearer)

[coyotte508]

I'm not sure I understand sorry. I just think whatever the solution it's not sending an additional email to the user.

If someone fraudlently adds someone else's email, they can just unsubscribe when they receive the first email from the newsletter. Then the newsletter will never send them another email

[Tirodem]

As I'm really tired too, confusion is highly possible :p

For me there's 2 cases for optin update :

• with /identity
• with /checkout

On checkout, I can buy a product, put your email address, and enable optins.
On identity, I can fill my email info, put your email address, and enable optins.

And in both case, unless I miss something, you'll be notified from beBOP (normal), and if the shopseller use the personalInfo extract to send external emails (from shopseller or partner) without having done a thing.

From what I remember (I don't have the time to retest, sorry) :

• filling informations & optins on /checkout doesn't require to confirm your auth with an email or a SSO
• same for /identity

So, it's needed to give an option for the email owner to say "no, I don't want that".

Plus, currently, when you edit your optin settings, you don't receive notifications.

I thought about some options :

• unsubscribe link :
  • as said, beBOP notifications should always be sent, and no mailing tool will be send to bebop ; it's system infos, it has to be sent
  • it'll be only for shopowner emailing, outside beBOP, and shopowners will have to add the unsubscribe link to their mailing template
    • but even in that case, we have to check how intrusive is the unsubscribe link, as a person that never came to beBOP and is subscribed by someone will have no session, and we don't want to open too much doors
    • we can send an email targeting /identity because this will be on a fresh session, and I hope if I go on /identity, put some values and put [email protected] email address, it won't overwrite settings from a person that has already logged through SSO and session link ; and if this requires to go through /login before, we cannot ask for a person subscribe by someone else to log in order to unsubscribe, it's considered as coercitive acquisition of prospect
  • if the shopowner extract personalInfo users with optins=true settings, partners won't bother to put a link to unsubscribe from beBOP
• ask for confirmation when optin-ing :
  • when you set your infos on /identity, but don't enable optins, no prob
  • when you set your infos on /identity, and enable optins, the optin statut is not "true" or "false" but "to confirm", and an message is sent to target address to confirm the subscription : only when it's validated, the optins go truly to "true"

After processing a bit more the problem, I'm in favor of the last point. It seems cleaner. WDYT ?

[coyotte508]

Maybe we can just make it confirmed when the user has email confirmed (logged in via email) or has a paid order in their history

and we can force that email to notify = email logged in as (same for npub) in identity

[Tirodem]

That's a possibility, but as the log by email request is kinda a new feature, I feat it can limit the subscription of "prospect" users (the one not logged, that hasn't ordered yet, and want to be subscribed to newsletter for future news).
I'm thinking about an hybrid solution, like "when I'm not logged and set my optins in /identity, I receive a session link, and if I click on it, it'll log me and sets my optin as desired" (with a link like https://{site]/login?token={token}&optinSeller=true&optinParntner=true).
WDYT ?

[coyotte508]

well we can send a "login via email" link then (maybe a different message) when someone opts in on /identity why not in the end