HubSpot Ideas


Subscription preferences open to abuse

Emails from HubSpot (with GDPR enabled) include a link to unsubscribe.

If you click on the link, you get a web page which asks you to input the email address to be unsubscribed.

Here's the thing: the website will allow you to input ANY email address.. and if that address is in our database, the address will be unsubscribed.


I don't understand why HubSpot would make the feature this way, so open to abuse.

Why not simply use a unique key from the original email .. so we are pretty sure that the person unsubscribing is indeed the true owner of that email address.