diff --git a/app/controllers/email_controller.rb b/app/controllers/email_controller.rb
index f0556f608dd..8fd9e9bbcf6 100644
--- a/app/controllers/email_controller.rb
+++ b/app/controllers/email_controller.rb
@@ -110,8 +110,10 @@ class EmailController < ApplicationController
 def unsubscribed
 @email = params[:email]
- raise Discourse::NotFound if !User.find_by_email(params[:email])
+ user = User.find_by_email(params[:email])
+ raise Discourse::NotFound unless user
 @topic = Topic.find_by(id: params[:topic_id].to_i) if params[:topic_id]
+ raise Discourse::NotFound unless Guardian.new(user).can_see?(@topic)
 end
 end
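Review bot: The added `Guardian.new(user).can_see?(@topic)` check authorizes against the account named by the request's `email` parameter rather than against whoever is making the request, so the visibility decision rests on a value the caller supplies. Nothing in this hunk shows that address being verified, for example by a signed unsubscribe key. The same line also runs when `params[:topic_id]` is absent or matches no row, leaving `@topic` nil; unless `can_see?` accepts nil (not visible here), unsubscribes that carry no topic would now return NotFound. Since the action already tolerated a nil `@topic` before this change, consider dropping the topic instead of raising, checked against the session's identity: `@topic = nil unless @topic && Guardian.new(current_user).can_see?(@topic)`, assuming `current_user` is available in this controller. A one-line comment above it stating that the topic is withheld from viewers who cannot see it would record the intent.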