Uploaded image for project: 'Jira Service Management Cloud'
  1. Jira Service Management Cloud
  2. JSDCLOUD-14987

Prevent automatic unsubscribe due to email security scanner link clicks

XMLWordPrintable

    • 71
    • 39

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Issue Summary

      We observed an issue where email security scanners, used by some customers, automatically click on links in emails to detect potential threats.

      As a result, unsubscribe links present in request notification emails are being triggered without any human interaction, causing users to unintentionally unsubscribe from important notifications.

      To mitigate this, we propose introducing friction in the unsubscribe flow. This could include one or more of the following measures:

      • Adding a confirmation page before completing the unsubscribe action.
      • Using CAPTCHA or similar verification to ensure human interaction.
      • Including an explicit "Confirm Unsubscribe" button after the initial link click.

      The goal is to ensure that unsubscribe actions are intentional and only performed by actual users, thereby preserving the user’s notification preferences and preventing accidental loss of important communication.

       

      This issue was previously logged as a bug - however as we do not have significant control over the email security scanner, we have created a suggestion that will be used to track any mitigations such as those list above or other related future developments. 

       

      Former Bug Report

      By default, customer would be able to set the notification to off/on via link in the customer notification template or via portal.

      Both option must be click by the user. However , for this bug , the notification was set to off without human interatction.

      This only happened when the ticket shared with an organization and a public comment was added to the ticket and triggered the customer notification

      Steps to Reproduce

      1. Create an organization in a JSM project.
      2. Make sure the project using the default customer notification template with the link to turn off the notification.
      3. As a customer, create a ticket via portal and share it with an organization.
      4. Then , ask an agent to add a public comment.
      5. Wait till customer notification triggered to the customer (reporter).

      Expected Results

      View the issue via portal , and notice the notification remain as on for the reporter.

      Actual Results

      View the issue via portal , and notice the notification set to off for the reporter. This may happened for request participant too.

      Workaround

      The workaround is to remove the link from customer notification template :

      • For HTML , remove this section :-
      <span class="jsd-link-separator">&middot;</span>
    <a class="jsd-unsubscribe-link" href="${request.disable.notifications.url}">Turn off this request's notifications</a>
      • For "Plain Text" , to remove for customer receiving with plain text template and remove the Turn off this request's notifications: ${request.disable.notifications.url}"

      In some cases you'd have to remove this link from both HTML and "Plain text" configurations.

      Ensure that the unsubscribe link is also removed from the template in translations if translations are enabled.

        1. Screenshot 2025-04-02 at 6.27.42 PM.png
          Screenshot 2025-04-02 at 6.27.42 PM.png
          36 kB

              0e745d33eaa1 Shubham Agarwal
              nroslan Atiqah Roslan
              Votes:
              14 Vote for this issue
              Watchers:
              31 Start watching this issue

                Created:
                Updated: