Dada Mail v11.15.0 comes with some important safeguards and improvements when it comes to protecting against link prefetching in the email messages it sends out. It’s a big enough issue, we’re suggestion everyone upgrade their Dada Mail (really!).
What is link prefetching, and why is it so important for email messages from link prefetching? Read on!
Say you want to subscribe to a Dada Mail-powered newsletter. You fill out a subscription form, and a confirmation email message is sent to your inbox with a link confirmation link. Clicking that link will subscribe you to the mailing list.
In some circumstances, it’s possible that your email reader, or whatever service you’re using for your email (like Gmail), will scan the messages arriving in your inbox, and follow the links without your knowledge! They may do this to create a preview of the URL the link will take you to, or scan the URL for nefarious things you probably don’t want to click on.
But in our case, that sort of link prefetching leads to some unwanted results. Maybe it’ll subscribe you to the mailing list, without you even reading the confirmation email! That’s really not how we want the confirmation process to work.
This video shows how Apple’s Mail app will subscribe you to a newsletter, just by previewing the subscription confirmation link:
In v11.15.0, Dada Mail now has protection against that sort of link prefetching, to give much more guarantee that a user really did click something like their subscription confirmation link. Hurray!
Subscription confirmation links aren’t the only types of links that cause an action to happen with Dada Mail. Others include:
- Unsubscriptions <— BIG ONE!
- List Owner Accept/Rejecting Subscriptions
- List Password Reset
- Clickthrough Link Tracking
- Profile Activation
- Profile Password Reset
- Moderating Discussion Messages
Two that you’re most likely very interested in are the unsubscription links. People could potentially be unsubscribed without even opening up your message!
The other is tracking clickthroughs. These links could be recorded as being, “clicked” before the user even views the message, throwing your email analytics off.
In v11.15.0, all these links are now protected against link prefetching, giving you much more assurance and confidence that the links your users are clicking on are legit. This issue is potentially big enough, that we really suggest that all users of Dada Mail upgrade to v11.15.0 (or whatever is the latest version) as soon as they can. We have upgrade instructions so that you can the upgrade yourself. If you don’t want to do it yourself, we’ll do it for you with minimal fuss to get you upgrade with little to no downtime to your busy mailing lists. If you have any questions, contact us today and we’ll help you answer any concerns you may have.
As well as the above, we’ve upgraded Dada Mail’s bundled version of jQuery from v2.2.4 to the latest, 3.6.0. There’s some open security issues pertaining to that older version of jQuery that you should be made aware of, but we’ve not see any way to exploit those security issues from within Dada Mail. Still, we thought it worthwhile to make changes in Dada Mail to support the latest version of jQuery.