-
Suggestion
-
Resolution: Unresolved
-
None
-
1
-
Issue Summary
We observed an issue where email security scanners, used by some customers, automatically click on links in emails to detect potential threats.
As a result, unsubscribe links present in request notification emails are being triggered without any human interaction, causing users to unintentionally unsubscribe from important notifications.
To mitigate this, we propose introducing friction in the unsubscribe flow. This could include one or more of the following measures:
- Adding a confirmation page before completing the unsubscribe action.
- Using CAPTCHA or similar verification to ensure human interaction.
- Including an explicit "Confirm Unsubscribe" button after the initial link click.
The goal is to ensure that unsubscribe actions are intentional and only performed by actual users, thereby preserving the user’s notification preferences and preventing accidental loss of important communication.
Steps to Reproduce
- Create an organization in a JSM (Jira Service Management) project.
- Make sure the project using the default customer notification template with the link to turn off the notification.
- As a customer, create a ticket via portal and share it with an organization.
- Ask an agent to add a public comment.
- Wait till customer notification triggered to the customer (reporter).
- Log into the portal as the customer who raised the ticket
- Open the request
Expected Results
The customer should be subscribed to receive notifications from the support request. The option Don't notify me should be visible, which means that the customer is subscribed and has the option to unsubscribe from the UI:
Actual Results
The customer is no longer subscribed even though they did not opt out themselves from receiving notifications from the support request. The option Get notifications is shown, which means that the customer is no longer subscribed and needs to manually opt back in:
Workaround
The workaround is to remove the link from customer notification template in each JSM project, via the page Project Settings > Customer Notifications > Edit Templates
- For HTML , remove this section :-
<span class="jsm-link-separator">·</span> <a class="jsm-unsubscribe-link" href="${request.disable.notifications.url}">Turn off this request's notifications</a>
- For "Plain Text" , to remove for customer receiving with plain text template and remove this section:
Turn off this request's notifications: ${request.disable.notifications.url}
In some cases you'd have to remove this link from both HTML and "Plain text" configurations.
Ensure that the unsubscribe link is also removed from the template in translations if translations are enabled.
- is cloned from
-
- Gathering Interest
- relates to
-
JSDSERVER-15583 Low rating CSAT is set unknowingly from the customer mail server security scanner
-
- Closed
-
- links to
[JSDSERVER-16285] Prevent automatic unsubscribe due to email security scanner link clicks
| Support reference count | New: 1 |
| Labels | Original: architectural | New: architectural ril |
| Remote Link | New: This issue links to "Internal ticket (Web Link)" [ 1034529 ] |
| Link |
New:
This issue relates to |
| Description |
Original:
h3. Issue Summary
We observed an issue where email security scanners, used by some customers, automatically click on links in emails to detect potential threats. As a result, unsubscribe links present in request notification emails are being triggered without any human interaction, causing users to unintentionally unsubscribe from important notifications. To mitigate this, we propose introducing friction in the unsubscribe flow. This could include one or more of the following measures: * Adding a confirmation page before completing the unsubscribe action. * Using CAPTCHA or similar verification to ensure human interaction. * Including an explicit "Confirm Unsubscribe" button after the initial link click. The goal is to ensure that unsubscribe actions are intentional and only performed by actual users, thereby preserving the user’s notification preferences and preventing accidental loss of important communication. h3. Steps to Reproduce # Create an organization in a JSM (Jira Service Management) project. # Make sure the project using the default customer notification template with the link to turn off the notification. # As a customer, create a ticket via portal and share it with an organization. # Ask an agent to add a public comment. # Wait till customer notification triggered to the customer (reporter). # Log into the portal as the customer who raised the ticket # Open the request h3. Expected Results The customer should be subscribed to receive notifications from the support request. The option *Don't notify me* should be visible, which means that the customer is subscribed and has the option to unsubscribe from the UI: !ExpectedResults.png|thumbnail! h3. Actual Results View the issue via portal , and notice the notification set to off for the reporter. This may happened for request participant too. h3. Workaround The workaround is to remove the link from customer notification template in each JSM project, via the page *Project Settings > Customer Notifications > Edit Templates* - For HTML , remove this section :- {code:java} <span class="jsm-link-separator">·</span> <a class="jsm-unsubscribe-link" href="${request.disable.notifications.url}">Turn off this request's notifications</a> {code} - For "Plain Text" , to remove for customer receiving with plain text template and remove this section: {code:java} Turn off this request's notifications: ${request.disable.notifications.url} {code} {color:#00875a}*In some cases you'd have to remove this link from both HTML and "Plain text" configurations.*{color} {color:#00875a}*Ensure that the unsubscribe link is also removed from the template in translations if translations are enabled.*{color} |
New:
h3. Issue Summary
We observed an issue where email security scanners, used by some customers, automatically click on links in emails to detect potential threats. As a result, unsubscribe links present in request notification emails are being triggered without any human interaction, causing users to unintentionally unsubscribe from important notifications. To mitigate this, we propose introducing friction in the unsubscribe flow. This could include one or more of the following measures: * Adding a confirmation page before completing the unsubscribe action. * Using CAPTCHA or similar verification to ensure human interaction. * Including an explicit "Confirm Unsubscribe" button after the initial link click. The goal is to ensure that unsubscribe actions are intentional and only performed by actual users, thereby preserving the user’s notification preferences and preventing accidental loss of important communication. h3. Steps to Reproduce # Create an organization in a JSM (Jira Service Management) project. # Make sure the project using the default customer notification template with the link to turn off the notification. # As a customer, create a ticket via portal and share it with an organization. # Ask an agent to add a public comment. # Wait till customer notification triggered to the customer (reporter). # Log into the portal as the customer who raised the ticket # Open the request h3. Expected Results The customer should be subscribed to receive notifications from the support request. The option *Don't notify me* should be visible, which means that the customer is subscribed and has the option to unsubscribe from the UI: !ExpectedResults.png|thumbnail! h3. Actual Results The customer is no longer subscribed even though they did not opt out themselves from receiving notifications from the support request. The option *Get notifications* is shown, which means that the customer is no longer subscribed and needs to manually opt back in: !ActualResults.png|thumbnail! h3. Workaround The workaround is to remove the link from customer notification template in each JSM project, via the page *Project Settings > Customer Notifications > Edit Templates* - For HTML , remove this section :- {code:java} <span class="jsm-link-separator">·</span> <a class="jsm-unsubscribe-link" href="${request.disable.notifications.url}">Turn off this request's notifications</a> {code} - For "Plain Text" , to remove for customer receiving with plain text template and remove this section: {code:java} Turn off this request's notifications: ${request.disable.notifications.url} {code} {color:#00875a}*In some cases you'd have to remove this link from both HTML and "Plain text" configurations.*{color} {color:#00875a}*Ensure that the unsubscribe link is also removed from the template in translations if translations are enabled.*{color} |
| Description |
Original:
h3. Issue Summary
We observed an issue where email security scanners, used by some customers, automatically click on links in emails to detect potential threats. As a result, unsubscribe links present in request notification emails are being triggered without any human interaction, causing users to unintentionally unsubscribe from important notifications. To mitigate this, we propose introducing friction in the unsubscribe flow. This could include one or more of the following measures: * Adding a confirmation page before completing the unsubscribe action. * Using CAPTCHA or similar verification to ensure human interaction. * Including an explicit "Confirm Unsubscribe" button after the initial link click. The goal is to ensure that unsubscribe actions are intentional and only performed by actual users, thereby preserving the user’s notification preferences and preventing accidental loss of important communication. h3. Steps to Reproduce # Create an organization in a JSM (Jira Service Management) project. # Make sure the project using the default customer notification template with the link to turn off the notification. # As a customer, create a ticket via portal and share it with an organization. # Ask an agent to add a public comment. # Wait till customer notification triggered to the customer (reporter). h3. Expected Results View the issue via portal, and notice the notification remain as on for the reporter. h3. Actual Results View the issue via portal , and notice the notification set to off for the reporter. This may happened for request participant too. h3. Workaround The workaround is to remove the link from customer notification template in each JSM project, via the page *Project Settings > Customer Notifications > Edit Templates* - For HTML , remove this section :- {code:java} <span class="jsm-link-separator">·</span> <a class="jsm-unsubscribe-link" href="${request.disable.notifications.url}">Turn off this request's notifications</a> {code} - For "Plain Text" , to remove for customer receiving with plain text template and remove this section: {code:java} Turn off this request's notifications: ${request.disable.notifications.url} {code} {color:#00875a}*In some cases you'd have to remove this link from both HTML and "Plain text" configurations.*{color} {color:#00875a}*Ensure that the unsubscribe link is also removed from the template in translations if translations are enabled.*{color} |
New:
h3. Issue Summary
We observed an issue where email security scanners, used by some customers, automatically click on links in emails to detect potential threats. As a result, unsubscribe links present in request notification emails are being triggered without any human interaction, causing users to unintentionally unsubscribe from important notifications. To mitigate this, we propose introducing friction in the unsubscribe flow. This could include one or more of the following measures: * Adding a confirmation page before completing the unsubscribe action. * Using CAPTCHA or similar verification to ensure human interaction. * Including an explicit "Confirm Unsubscribe" button after the initial link click. The goal is to ensure that unsubscribe actions are intentional and only performed by actual users, thereby preserving the user’s notification preferences and preventing accidental loss of important communication. h3. Steps to Reproduce # Create an organization in a JSM (Jira Service Management) project. # Make sure the project using the default customer notification template with the link to turn off the notification. # As a customer, create a ticket via portal and share it with an organization. # Ask an agent to add a public comment. # Wait till customer notification triggered to the customer (reporter). # Log into the portal as the customer who raised the ticket # Open the request h3. Expected Results The customer should be subscribed to receive notifications from the support request. The option *Don't notify me* should be visible, which means that the customer is subscribed and has the option to unsubscribe from the UI: !ExpectedResults.png|thumbnail! h3. Actual Results View the issue via portal , and notice the notification set to off for the reporter. This may happened for request participant too. h3. Workaround The workaround is to remove the link from customer notification template in each JSM project, via the page *Project Settings > Customer Notifications > Edit Templates* - For HTML , remove this section :- {code:java} <span class="jsm-link-separator">·</span> <a class="jsm-unsubscribe-link" href="${request.disable.notifications.url}">Turn off this request's notifications</a> {code} - For "Plain Text" , to remove for customer receiving with plain text template and remove this section: {code:java} Turn off this request's notifications: ${request.disable.notifications.url} {code} {color:#00875a}*In some cases you'd have to remove this link from both HTML and "Plain text" configurations.*{color} {color:#00875a}*Ensure that the unsubscribe link is also removed from the template in translations if translations are enabled.*{color} |
| Attachment | New: ActualResults.png [ 503784 ] | |
| Attachment | New: ExpectedResults.png [ 503783 ] |
| Description |
Original:
h3. Issue Summary
We observed an issue where email security scanners, used by some customers, automatically click on links in emails to detect potential threats. As a result, unsubscribe links present in request notification emails are being triggered without any human interaction, causing users to unintentionally unsubscribe from important notifications. To mitigate this, we propose introducing friction in the unsubscribe flow. This could include one or more of the following measures: * Adding a confirmation page before completing the unsubscribe action. * Using CAPTCHA or similar verification to ensure human interaction. * Including an explicit "Confirm Unsubscribe" button after the initial link click. The goal is to ensure that unsubscribe actions are intentional and only performed by actual users, thereby preserving the user’s notification preferences and preventing accidental loss of important communication. This issue was previously logged as a bug - however as we do not have significant control over the email security scanner, we have created a suggestion that will be used to track any mitigations such as those list above or other related future developments. ---- {quote} h3. Former Bug Report By default, customer would be able to set the notification to off/on via link in the customer notification template or via portal. Both option must be click by the user. However , for this bug , the notification was set to off without human interatction. This only happened when the ticket shared with an organization and a public comment was added to the ticket and triggered the customer notification h3. Steps to Reproduce # Create an organization in a JSM project. # Make sure the project using the default customer notification template with the link to turn off the notification. # As a customer, create a ticket via portal and share it with an organization. # Then , ask an agent to add a public comment. # Wait till customer notification triggered to the customer (reporter). h3. Expected Results View the issue via portal , and notice the notification remain as on for the reporter. h3. Actual Results View the issue via portal , and notice the notification set to off for the reporter. This may happened for request participant too. h3. Workaround The workaround is to remove the link from customer notification template : - For HTML , remove this section :-{quote} {code:java} <span class="jsd-link-separator">·</span> <a class="jsd-unsubscribe-link" href="${request.disable.notifications.url}">Turn off this request's notifications</a> {code} {quote} - For "Plain Text" , to remove for customer receiving with plain text template and remove the *Turn off this request's notifications: {{{}$\{request.disable.notifications.url{}}}}"*{quote} {quote}{color:#00875a}*In some cases you'd have to remove this link from both HTML and "Plain text" configurations.*{color} {color:#00875a}*Ensure that the unsubscribe link is also removed from the template in translations if translations are enabled.*{color} {quote} |
New:
h3. Issue Summary
We observed an issue where email security scanners, used by some customers, automatically click on links in emails to detect potential threats. As a result, unsubscribe links present in request notification emails are being triggered without any human interaction, causing users to unintentionally unsubscribe from important notifications. To mitigate this, we propose introducing friction in the unsubscribe flow. This could include one or more of the following measures: * Adding a confirmation page before completing the unsubscribe action. * Using CAPTCHA or similar verification to ensure human interaction. * Including an explicit "Confirm Unsubscribe" button after the initial link click. The goal is to ensure that unsubscribe actions are intentional and only performed by actual users, thereby preserving the user’s notification preferences and preventing accidental loss of important communication. h3. Steps to Reproduce # Create an organization in a JSM (Jira Service Management) project. # Make sure the project using the default customer notification template with the link to turn off the notification. # As a customer, create a ticket via portal and share it with an organization. # Ask an agent to add a public comment. # Wait till customer notification triggered to the customer (reporter). h3. Expected Results View the issue via portal, and notice the notification remain as on for the reporter. h3. Actual Results View the issue via portal , and notice the notification set to off for the reporter. This may happened for request participant too. h3. Workaround The workaround is to remove the link from customer notification template in each JSM project, via the page *Project Settings > Customer Notifications > Edit Templates* - For HTML , remove this section :- {code:java} <span class="jsm-link-separator">·</span> <a class="jsm-unsubscribe-link" href="${request.disable.notifications.url}">Turn off this request's notifications</a> {code} - For "Plain Text" , to remove for customer receiving with plain text template and remove this section: {code:java} Turn off this request's notifications: ${request.disable.notifications.url} {code} {color:#00875a}*In some cases you'd have to remove this link from both HTML and "Plain text" configurations.*{color} {color:#00875a}*Ensure that the unsubscribe link is also removed from the template in translations if translations are enabled.*{color} |
| Support reference count | Original: 32 |
| UIS | Original: 144 |