lib/PublicInbox/Unsubscribe.pm | 4 ++--

diff --git a/lib/PublicInbox/Unsubscribe.pm b/lib/PublicInbox/Unsubscribe.pm
index 1f5ce315a81651e6fa83a68c7b7d4b8de985ad5c..4ccdb7e0e33b38f8308650a4119a68cbc82bfe8a 100644
--- a/lib/PublicInbox/Unsubscribe.pm
+++ b/lib/PublicInbox/Unsubscribe.pm
@@ -77,7 +77,7 @@ 		return r($self, 400, 'Bad request',
 			'Missing mailing list name in path component');
 	}
 	my $user = eval { $self->{cipher}->decrypt(decode_base64url($u)) };
-	if (!defined $user) {
+	if (!defined $user || $user eq '') {
 		my $err = quotemeta($@);
 		my $errors = $env->{'psgi.errors'};
 		$errors->print("error decrypting: $u\n");
@@ -86,7 +86,7 @@ 		return r($self, 400, 'Bad request', "Failed to decrypt: $u");
 	}
 
 	# The URLs are too damn long if we have the encrypted domain
-	# name in the query string
+	# name in the PATH_INFO
 	if (index($list, '@') < 0) {
 		my $host = (split(':', $env->{HTTP_HOST}))[0];
 		$list .= '@'.$host;