-
Notifications
You must be signed in to change notification settings - Fork 23k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[15.0][16.0] Odoo not following RFC 8058 - mass e-mails will go to spam #165169
Comments
Here is Mailgun's statement about RFC 8058 enforcement. https://www.mailgun.com/blog/deliverability/what-is-rfc-8058/#chapter-3
|
To make things worse, Odoo does not generate
Additionally, Odoo does not check if the email sender domain DKIM is configured correctly. This is a requirement to comply with the RFC. Requirements for unsubscribing in plain English: If you manage your own email program, or even just your unsubscribes, you will have to manually implement a one-click unsubscribe process. Senders must include one The The The message MUST have a valid DKIM signature to cover the List-Unsubscribe, and List-Unsubscribe-Post headers. The URI must include sufficient information to identify the mail recipient and the list from which they are to be removed. The post request MUST NOT include cookies, HTTP auth, or any other identifying data that might link the unsubscribe action to any previous web activity. |
HI @ossimantylahti ,
Note that in scenario 1, the "Test" button email mostly serves for visualizing the rendered template but will not have the specific unsubscribe URLs generated and linked to the respective models. Thank you in advance. |
Hello, Indeed the test button is in a flow where it is difficult to have the unsubcribe links working. However standard marketing emails effectively have those headers set, depending on the version / module (mass mailing, digest, mailing lists). We plan to try to backport improvements in 15.0 so that all major versions have those headers. Cheers, |
Hello @tde-banana-odoo ! Hope all is going well at the farm 😄 Once the fix is ready, could you link the PR to the issue so that we will be able to get the fix code asap. I personally need to back port it in v13.0 😅 Thanks ! |
@jorv-odoo I can confirm that the 403 error is indeed due to sending the messages with "Test" button. When clicking on the unsubscribe on the actual scheduled e-mail, that unsubscribe works. However, the message is still missing |
They are not set. Here are raw headers from Odoo 16 EE test from day before yesterday.
|
Yes and the reason behind is quite legit as the access token is not yet generated, which makes totally sense to me as its role is to provide public access, which is to me not suitable until the mailing is actually sent. |
@ossimantylahti thx for confirming. |
Starting from 1st June 2024, most major email provivders will start enforcing compliance with RFC 8085 dictating easy unsubscription for marketing emails. While Odoo 17.0+ is compliant, previous versions did not generate the relevant email headers for outgoing emails (`List-Unsubscribe` and `List-Unsubscribe-Post`). This commit tries to backport the used approach in 17.0 to be functionally equivalent in versions 15+. Related github issue odoo#165169
Starting from 1st June 2024, most major email provivders will start enforcing compliance with RFC 8085 dictating easy unsubscription for marketing emails. While Odoo 17.0+ is compliant, previous versions did not generate the relevant email headers for outgoing emails (`List-Unsubscribe` and `List-Unsubscribe-Post`). This commit tries to backport the used approach in 17.0 to be functionally equivalent in versions 15+. Related github issue odoo#165169
Starting from 1st June 2024, most major email proivders will start enforcing compliance with RFC 8085 dictating easy unsubscription for marketing emails. While Odoo 17.0+ is compliant, previous versions did not generate the relevant email headers for outgoing emails (`List-Unsubscribe` and `List-Unsubscribe-Post`). This commit tries to backport the used approach in 17.0 to be functionally equivalent in versions 15+. Related github issue odoo#165169
@jorv-odoo any update regarding this issue? Thanks and have a great day! |
@IT-Ideas a RnD commit is on the way. Hopefully it will be merged asap, but there is still some validation and testing to do. I will try to update this thread once things are more definite. Have a great day! |
It seems that Odoo's mass e-mail marketing does not follow RFC 8058. This RFC dictates that unsubcribing from a mass e-mail list should happen with one click only. There cannot be any other pages after clicking on the link.
This is time critical defect, since from 1st June 2024 onwards Google, Yahoo! and Microsoft start to automatically deliver mass e-mails that do not follow RFC 8058 to spam box.
*Impacted versions:
[15.0][16.0] are impacted.
[17.0] works ok.
*Steps to reproduce:
Send an e-mail using Odoo's e-mail mass marketing tool
Try to unsubscribe from the list by clicking on the Unsubscribe button
*Current behavior:
After clicking on the link, I'm getting 403: Forbidden error
After clicking on the link, the email still remains in the mass e-mail list
I expect that Odoo should follow RFC 8058 and let user unsubcribe himself from the list by one click. Right now 1) the unsubcribe does not work at all due to 403. 2) It should be ONE CLICK only without any additional confirmations.
Screencaps:
Testing with another template
Email arrives and the unsubcribe link is below
But clicking on the link gives 403 forbidden error
4b. Same thing with another browser and incognito mode:
#3924174
The text was updated successfully, but these errors were encountered: