The permissions subscriptions to MB / Blog / etc. can be handled through the Subscribe Action. When the portal sends out an e-mail, it checks if the user can still get it based on the group membership, which is not correct, as permissions can be handled separately from that.
This is causing a lot of problems as it unsubscribes the users in almost random scenarios.
The API needs to be changed and the e-mails should be sent out based on the permissions.
Subscriptions should be only removed from the system when the user is deleted from the system. (We can create a cleanup task later to remove all of those subscriptions which doesn't have the permission). The reason is: when someone edits his blog and checks the permissions, one mistake should not unsubscribe all of the readers.