Hacker News new | comments | show | ask | jobs | submit login

To product designers: In practice, you should really avoid using the "sending a reply email message" part. Especially these days when people have multiple email addresses, it can very quickly break down.

This happens often to me:

* Get email that I'd like to unsubscribe to

* Look for unsub info -- directed to "reply to this email" or, almost as bad, "enter your email address"

* Follow instructions

* Receive notice saying "Sorry, the email you entered [sent from] is not in our database"

Well thanks. We've gotten nowhere.

So the right way to design this should be a simple unsubscribe link w/ a unique token that executes the request upon clicking.

At worst, you can do what Constant Contact does and require the email address to be entered, but still provide a hint (i.e. "a....c@gmail.com"). This is still somewhat annoying, but I understand why they do it -- it likely reduces net unsubs since there's a second step involved. Pushing it, but thinking as a business owner as well, I get it.

In gmail: click the down arrow thingy, then "Show Original Email". Look for the line that says "Delivered-To: XXX@XXX.COM", and that the email it was delivered to.

If you have an email A forwarding to B, on B there will be a "Delivered-To: B", I think. I never got to understand where on the email source I can find if it was to A or B.

I agree with your point about unsubscribe links, but I don't see how it's not immediately obvious which of your multiple E-Mail addresses you need to unsubscribe with since it's going to be the one the mail was sent to.

For those with vanity URLs and GMail - the trick I use to manage unsubscribes better is to enable 'catch-all address' and registering for new accounts by their URL and TLD, e.g. news_ycombinator_com@URL.com, or kennethcole_com@URL.com, etc.

Two benefits - 1) easier to remember my login per site and 2) if I start getting spammed as a result of my info being shared with third-parties, I can attribute the original offender to the e-mail address.

Also a good way to get vast amounts of dictionary attack spam. One of the mail domains I host was accepting mail to all addresses for some years, and this seems to have attracted even more spam: the volume of junk it gets is disproportionately huge compared to the other similar domains.

My mail server allows -- as an alternative to + so my users can work around braindead address regexes.

You also get few hundred "new viagra price" in your spam folder sent to HjvhBYgVqJ@your.domain. You'll never find kennethcole_com@your.domain in that mess. Even worse is that you get bounced spam emails sent to some@guy.com with from header sent to HjvhBYgVqJ@your.domain and spam filter doesn't see them as spam.

Also, assuming the site isn't brain-dead and invalidating the address, you can use email+site@gmail.com with any gmail or google apps address.

That + is frequently a cause of contention though, so I use a . (which was done via config when I ran my own mail server days gone by) and also have a catchall on google apps.

If I were selling my database to spammers I would process my entire list to remove everything between the plus and the at sign.

Gmail accepts multiple forms of email addresses for a single account. first.last@gmail.com is identical to firstlast@gmail.com. I often get subscribed to email lists I don't want using a variant of Gmail address that I never use. Also, plenty of people using forwarding addresses; it may not be clear which address was the target.

What you're saying is odd, because I own a first.last@gmail.com email address and I know the person that owns the equivalent firstlast@gmail.com email address.

Also, the email address to which the message was sent appears clearly in the "To:" header.

This is not Gmail's designed or advertised behavior.


Either you or your friend is misspelling their address (more common than you might think, I get opt-in mailing-list mail for myaddress@gmail.com, intended for myaddress@ymail.com), or you've encountered a bug.

You can put periods inside the username part of a gmail address and it still gets through. I'm not sure how what you're saying could be true? Maybe it wasn't always this way.

funny. Because if you own the address halfarsed@gmail.com, I thought you also own half.arsed@gmail.com.

The dots are for you to play around with, but the mail all goes to one account. Or, at least, that's how it works with my account.

Early first.last@gmail accounts had firstlast@gmail reserved for them. Google stopped doing that a few years after launch.

Are you certain? Im under the impression periods in email addresses, anywhere, do not affect delivery


Periods in gmail addresses to not affect delivery. other mail servers may behave differently.

I had no idea they stopped doing that! That seems a pretty serious change of model, I'm glad I know it now.

They didn't stop.

I thought it was the other way around: mail to firstlast@gmail.com will be delivered to first.last@gmail.com unless firstlast@gmail.com was registered early on.

Not always.

Google's own google-content-api-for-shopping@googlegroups.com mailing list has this as the "To:" field:


And at the bottom of the message:

To unsubscribe from this group, send an empty message.

I had to ctrl-u and check the "Delivered-To:" and "X-Forwarded-For:" headers before I could unsubscribe.

(I'd tried to unsubscribe previously but the subscribed email account forwards to my main account so replying with an empty message didn't work. This thread prompted me to dig a little deeper and finally get one less piece of email per day - thanks HN!)

Exactly, even if email is forwarded, the To: should still be intact.


Delivered-to is still going to be valid. You'll have to be able to read all email headers, though.

Sending a reply email message can still work just fine. Assuming they include the original message in their reply, you just need to embed an ID in the original message, and look them up through that.

in which case you've invested the effort in making the stateful one-time token for unsubscription (is that a word?) - it's EASIER to enact that via a web link than parsing response emails

It's only easier if the recipient is web browsing, and wants to risk getting cookies and malware from a known-malicious entity...

if it's a known malicious entity I don't think I'd want to confirm that my email address is 'live' either way ...

the majority use case here is that they're not malicious, merely spammy with good intentions.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact