I want to do a mailshot to an existing mailing list. I want to include an Unsubscribe link in the email which, when clicked by the recipient, will request a url to a script on my server which will process the unsubscribe request. When a recipient receives an email containing the unsubscribe link and clicks on the link I want to pull the email address from the "To:" box of the email and pass it to as a parameter to the script url i.e.
Unsubscribe
How do I do this?
I would do this server-side rather than client-side. One decent approach is to generate a random guid on your server for each email recipient. Then either generate a URL for each recipient containing their random guid, or use the guid as a URL parameter. When a recipient clicks on the email link to unsubscibe, you can use the guid to perform the "unsubscribe" action in your database for that recipient.
The use of a guid makes it impossible for an attacker to unsubscribe specific recipients. It also makes it very difficult for an attacker to unsubscribe random recipients because the guid search space is so large.
Clearly this only works if you can generate a customised unsubscribe link in each email. We probably need more info about your environment.