Slashdot Mirror
Does SPAM Unsubscribing Really Work?
dacarr asks: "An associate on a mailing list I am on recalled an article (which he, in turn, does not recall), in which the author managed to reduce his spam some 80% by, of all things, using the provided 'unsubscribe' mechanism in the messages. This is totally counterintuitive to what most of us have learned (doing so was a spectacularly good way to actually *confirm* your address) - but perhaps this isn't the case anymore, based on this. Has anyone else had any luck as far as this goes? By following the aforementioned unsub links, said associate found a number of broken links and dead addresses (and one link that tried to create an attachment and email it out (which he stopped)), but after three days and 400 unsub links, he trimmed his spam levels 'from an average of 250 a day to just 40 today' - that's just around 17% of what he was getting. Maybe spammers are getting their act together and listening for a change." Do any of you have any anecdotal evidence to provide to confirm or contradict this? Have you been able to lower your spam volume by "unsubscribing"?
And, AFAIAC, it can't make my spam any worse than it already is. Oh, hello, shub-internet, where did you come from?
.us, .biz, .info, etc. Actually, the best one for this would probably be .cx, but I don't want to scare off potential employers ;-)
... and getting spam from your own damn account.
Actually, although I don't have time now, when I run my own mailserver in a year or two, I plan on getting an odd domain -
What really sucks, though, is being joe-jobbed
It reduced the flow for a month or two and then as soon as your email is selled again (with the added value of being verified) the spam comes again full strength :(
my 2c
..but I don't see that people with a list of several million address really care whether yours is correct or not.
I would guess that if the headers seem reasonabley genuine, then unscribing might work, as it could just be something you accidently signed up for in the old days.
that the only time this is a valid mechanism, is when the sender of the e-mail has gotten your address through a partner agreement with a website where you provided an e-mail address as part of registering.
The other possibility is that some spammers are still using the functionality to validate e-mail addresses, but as part of that action, they hide the fact from the recipient by suspending spam to the address for some weeks or even months before re-distributing the address to their buddies. As a result, the recipient thinks that the "unsubscribe" worked, but in the end gets even more spam.
Then again, I could be wrong. I am sitting at around 2-300 spam messages per day, if I see other reports that this is working, perhaps I will try it out as well.
-Rusty
You never know...
About the only reason it makes sense to need confirmed e-mail addresses is if you are a) fishing by putting together common names and numbers or b) needing to reduce your bandwidth costs. With bandwidth costs decreasing as much as they have and the use of zombie machines, what's the point in testing e-mails anymore? Plus, if you use an alias that doesn't have common names, most of the spam you get is probably your own doing--signing up to sites that sell your address, posting publicly where spammers can harvest, etc. In other words, these addresses are probably fairly well confirmed anyway. "Unsubscribe-harvesting" doesn't add anything to those unscrupulous spammers (thus shouldn't add to your spam) and thus can only decrease it when legitimate spammers allow you to opt-out.
.. well, I was surprised :) But there ya go.
But since the OP asked for anecdotal evidence, my mom began clicking on every unsubscribe link she came across. She called me to tell me this (and I knee-jerked about what a horrible idea it was). Then she told me that her spam had decreased significantly since she'd begun unsubscribing, and
Maybe it was shear luck? I tested this out about 6 months ago. I created a honeypot email address that appeared on a website for a total of 24 hours. Got a little bit of spam on the account. When I unsubscribed (the ones which didn't bounce back, etc...), the amount of spam I started to receive grew expotentionally. So in my personal experience, unsubscribing still does nothing more than confirm your email address.
It's better to burn out than to fade away
We don't have a site wide spam filter. I get maybe 1 account a month that starts getting spam. I then get assigned to go and unsubscribe from all the spam messages. This seems to work for legit spammers. Now, my free yahoo mail account always has about 300-400 messages in its bulk mail. I wouldn't say yahoo's spam is as friendly as others. Heck, yahoo will sign you up for more spam if you don't keep track of your settings. Our e-mail problem is more with spoofed e-mail addresses. Getting a user to emtionally accept that concept is difficult. They usually understand it, they just don't accept that it could happen to them.
I'm a little too skeptical to try it with my primary email address. I tend to agree that some if it may go away initially, but your verified address will eventually be sold.
-Turkey
For what it's worth, I read an article similar to this one about a year ago. I clicked all the opt out links in my Yahoo account and continued to discard spam unread in my self-run account. I'm only one guy, which makes this statistically insignificant (and thus, it would be highly irresponsible to do something like writing an article about it!), but I can definitely confirm that the Yahoo spam skyrocketed while my other account stayed the same.
Perhaps our friend here is sending out a few "marketing messages" as well?
Fox: "No, really, we only eat bugs and stuff."
Chicken: "Oh, really? Great! Lets do lunch"
Fox: "Muahahaha"
I "unsubscribed" a unique spam trap email address and it started recieving spam a few months later.
And what if this 'anecdotal article' was in fact posted by a spammer.
What better way to try and reassure people that unsubscribing via the link in a spam email works and therefore get even more unsuspecting people to verify their addresses?
I have the "privilige" of owning my own domainname with unlimited email-addresses and, more importantly, a Catch-All address (e.g. mail to non existent mailboxes end up in the Catch-All address, which is, by choice, own email address).
/. article, once you start receiving spam on the 'fake' address (e.g. they sold your address to 3rd parties), that address is easily blocked by creating an auto-reply on my server whenever a message to newyorktimes@[mydomain.com] arrives.
When I register on a page (New York Times, for instance), I simply enter a non-existent email address with the name of the service: newyorktimes@[mydomain.com]. Any email (passwords) sent to that address will end up in my personal inbox, and I can easily check to which address it was delivered originally (by checking the "To" field or scanning the headers of the message).
The key part is that you can't use that address for ANY other purpose. Don't post it on forums, don't use it to subscribe to other services. If there's a spinoff-service from a site you're already registered to, and it requires you to register again, use a new address. It'll all end up in the same inbox anyway.
This has two upsides: it's easy to create sorting-rules in my email client and, in relation to this
In fact, its even hard proof for them selling your message, so you can back-track the user agreement and see if they're allowed to do that.
The big downside to this is that when you use a fake address for a public mailinglist, they can require you to send mail from that fake address. Then, you'll need a client that allows you to change the From-field in one way or another.
My $0.02.
P.S. I know you can get my domain from looking at my profile, but I figured I keep the example simple by using [mydomain.com].
No encryption can withstand the power of the Lucky Guess.
While the slashdot bretheren might be able to intelligently pick apart some message headers and the unsub link to see if there is any legitimacy to it, we all know that the average user has nowhere near that level of sophistication. Trying to get your average user to stop and think about where the unsub link is taking them is like trying to convince them that they shouldn't open attachments from e-mail addresses they dont recognize.
Hormel keeps sending me those cans of spiced ham, even though I've asked them to stop at least five times now.
Really, what's with the uppercase? Is "spam" an acronym now?
If you "unsubscribe" a few hundred email addresses in parallel, you can even /. a spammer's server and make it quite impossible for spam victims to order penis enlargement pills.
...if it's not on the front page it's very easy to get a first post; even after a few days there may only be a handful of comments. See if you can spot the front page articles in the Ask Slashdot section from the comment count.
One of the worst things, though, about having a "catch all" address on a domain, is that you receive all the bounces from forged spam that's using your domain.
I get tons of bounces from spam to things like: jsdjfqwnc@[mydomain.com].
Luckily these are relatively easy to filter, but are superbly annoying. Why do these spammers pick on my and my little, innocuous domain?
Worse, every once in a while because somepeople don't understand that from headers can be forged, I get on a blacklist, so my mail can't get to places like AOL, etc.
Is there any cure for this?
Ask Slashdot: Used Car Salesmen
I am looking into replaceing my '73 Ford Pinto and am considering going to a used car lot rather than a private sale. I know used car salesmen have a bad repuration, but some of them insist they are trustworthy. When a Used Car Salesman says they are telling the truth, can I beleive them?
Answer:
On occasion: yes. As a rule of thumb: don't count on it.
It's the delemma of return business. Sell one that's a lemon and you won't come back to the lot. Sell one that's too good and you'll never see them again. It needs to last just long enough (ideally after the lease ends) so that you may sill be there when they need to replace it again.
It really is return business they are concerend about. They are not extorting as much markup on the financing percentage or the value of the car itself that they can.
And you can trust me on that one.
--Shemnon
I can see why spammers might want this to work. When they get up on their moral high horse and try to tell everyone that they are providing a service, and doing nothing wrong, they love to be able to point to how they honor every unsubscribe request. Unsubscribing gives them the opportunity to pretend that they are a legitimate business with legitimate customer service behavior. However, the actual effect on total spam is insignificant, and there are so many lists out there that within a short time they are sending spam to you again, or they've switched their company name again and can send spam since it's not the company you unsubscribed from.
Spammers are scum. Scum loves to do little token things to try to prove that they are not scum, while still being scum to the majority.
...
If you don't happen to have your own domain, you can get the same benefits you described by setting up a Spamgourmet account.
You create throwaway addresses on the fly (just make them up - no logging in) and email gets forwarded to your real address. Works great for addresses you only expect to receive a few emails from (like when registering for NYT, etc), as the address automatically expires once you receive a certain number of emails. If you want to continually receive email at that address, you can specify an exclusive sender (by email address or domain) to allow email to come in indefinitely.
Works great and is free too.
Beauty is in the eye of the beerholder.
I think that a lot of Spam is actually unintentionally subscribed to. When I register my username and password on a website, it often asks if I would like to recieve occaisonal offers, get on their mailing list, and other things of that nature. I just say no (Which I think a lot of people fail to do) and if I do get sent unwanted email I unsubscribe and block the email. I dont get any Spam. None. Nada. It just doesnt happen. Its that simple.
Yes. Sit back and laugh. You seem like an intelligent person. Why would you possibly want to e-mail somebody who is do dumb that they have to use AOL. If you ask me, they are doing you a favor.
This also keeps your e-mail address out of the computers that are most likely to pick up trojans, spyware, and viruses.
"-1 Troll" is the apparently the same as "-1 I disagree with you."
and I take it one step further.
I run BSD on my domain and when I get 'bad' email hits, I have a realtime process that detects this and adds IPFW 'block' statements to cut that turkey off WHILE he's trying to smtp me. having my firewall and mail server on the same box lets me to this very realtime.
so while someone tries to send to "sales@" or something equally guessy and dumb (for my domain), he gets ipfw'd and he doesn't even GET to try to talk to me ever again.
it works. but only for small controlled sites.
--
"It is now safe to switch off your computer."
Unfortunately, the vast majority of spam lists are run by less-than-reputable companies and/or individuals. Unsubscribing from one of their lists will, at best, get you off that one list but then added to a bzillion more (at a premium, too, since you've now confirmed your address).
A couple of years ago I setup some spamtrap addresses to research this very thing. I followed the unsubscribe links in the spam that flowed in until I found one that asked you to enter your email address (rather than automatically supplying it). I entered a bogus address and promptly created a new spamtrap address to match it. I didn't use that new address for anything else. If I remember correctly, it took only two weeks before the spam started flooding in.
200+ spam mails a day. wtf. You have to try hard to get that much junk mail. ( I know I've done it before... but that is another story...) My guess is that he had subscribed to a lot of opt-in lists, and thought of them as spam. As most /. users know most of the guys/gals running those systems are legit honest people. And therefor he just unsubscribed from the list.
The moral of the story is get a email address for friends, for work, and one for mailing lists, and opt ins.
I have had a couple email addresses for almost 8 years now and they get 1-2 spam messages a week.
Except I "unsubscribe" to more than just the spam I received, I do it to all mail coming from its enclosing IP range-- by blacklisting it in my mailserver app.
In the case of harvested addresses, this technique probably will not work. But in the case of spam that pretends to be opt-in, the spammers may pay more attention to your requests.
Unless they were hacked and their DB was stolen. (This is of course a good excuse for them to use because you can't really disprove it. But then again, my former ISP was hacked and we started receiving spam at our account.)
Nevertheless, this trick with using a unique e-mail alias is very effective IMO. I use it, and my main inbox that I actually use is 99% spam-free. I receive less than 10 spam per year in it.
After i got fed up with spam at my old email address, I set up a new one. After I switched I decided to experiment with the old one... I recorded my email values for 2 weeks to get a baseline before starting the unsubscribe process. Everyday i would unsubscribed from each item. it took a couple of hours each day to go through the routine i had:
...one funny thing was that one of the spams had a cgi unsubscribe, and after unsubscribing to no avail once for each email they sent me, they gave me a warning that they had recorded my IP because I was performing a DOS attack on THEM, and that they would report me to the police... LOL
1. Follow the unsubscribe instructions given in the spam
2. If no unsubscribe instruction was given(or it wasn't working after a few days) I would follow the links to the sites being advertised, and unsubscribe from there.
3. If there was no unsubscribe at the site(or it wasn't working either), I would do a whois lookup on a domain involved with the spam, and call them on the phone to complain.
4. If the phone number in the Whois information was incorrect, I filed a complaint with internic about invalid Whois info.
http://wdprs.internic.net/
I saw my spam levels drop like a stone. went from 40-60/day to 5-10 average(one day i didn't get any!). I don't have the address anymore because I had already switched everything to my new one with no spam.
I could get the address back and check the spam levels now (about year later) but it's not realy appropriate as an test address anymore because you can't remove all filtering on hotmail anymore.
I also have my old data somewhere, and i could dig it up and put it here if anyone cares.
-John Fenley
I work for a online incorporator (we form corporations, LLC's, etc.). We maintain a email list that includes past clients, people who sign up for our newsletter, people who give us business cards at expos, etc. We send out about 5 emails a month.
Each time we send a email out dozens of people call us to bitch about it. We've been accused of "domestic terrorism" more then once. People scream about receiving emails for the last three months. I'd like to ask them why the hell the waited until they waited until the 15th email to complain and why they never unsubscribe, but I know better.
Hollow words will burn and hollow men will burn.
Spammers don't know about that subdomain to dictionary attack it, and if they did, I could just remove that entire subdomain from the DNS without any serious inconvenience.
I thought the same thing, in fact I setup my hotmail account specifically so that when web sites required me to register, that I would use this hotmail account that I would never use. After a year or two of that, my hotmail account looked horrendus. Spam galore, but how Hotmail opperated back then, it wouldn't refuse e-mail, it would just delete old e-mail to make room for the new e-mail. (they have since changed that - now if the account is full, it will not accept e-mail)
Since I had considered my hotmail account as a junk account, I figured it wouldn't hurt to see what would happen if I did try to unsubscribe. Especially when I found out that we could forward spam e-mail to uce@ftc.gov, I started unsubscribing, and sending copies to the FTC.
It was about this time that hotmail started implimenting their own spam filter which would catch e-mail from spoofed domains, as well as other protections to catch spam, and I noticed a huge decline in the amount of spam I was getting. Those who were legitimate (HA!) would take the unsubscribe seriously, and if they did sell my e-mail to someone even more unscrupulous, their unscrupulous nature would be caught by the built in spam blocking offered by hotmail.
Oddly enough, my hotmail account has become my main account, and the cleanup was a total success. I get perhaps 1 spam a week that finds its way through Hotmail's spam filter, and I always check for an unsubscribe method.
I haven't lost my mind!
It is backed up on disk...somewhere...
Well, that's why you should be doing confirmed opt-in, not just mailing folks who "should" get mail. Back in "the day", this wasn't such a problem, and I do sympathize with you. This is really the spammers ruining things for everybody else. So you want to make the user give you a response with a unique token to confirm that they want on.
The problem is, there's nothing you can do to assure legitimacy that spammers don't abuse. A good chunk of spam assures you at the bottom of the message that you really did subscribe to their list, so people just don't believe it. And people will forget astonishingly fast that they gave you their address.
Gentoo Sucks
And SCO is really only trying to help Linux.
Oh, and in other news, the Easter bunny really exists!!
Really, truly!!
There needs to be a good spam filter that actually works. Any suggestions? I think the open source community should get together and figure this out.
...
... 200 spams in 3 days without the account being advertised ANYWHERE. Seems like *@mydomain.net was used. I've taken all the spam from my catch-all account and unsubscribed *@wrjournal.net (that actually worked) and the spam coming into my server has been cut down almost 75%.
I own a domain and provide advertisement free email accounts. Luckily I've never caught a spammer among my users. However, over half of my bandwidth charges each month are from users downloading all the spam they get. I'd think that some of my users would use the blacklisting and spam filter each account comes with, but they don't. If only I could get them to use it
It seems that my domain has been a victim of spam attacks anyway, I created a spam@mydomain.net email account to see what I got for spam
No, I will not fix your computer.
~ Tech404
I've found the best way to tackle spam is to always give out an email address that reflects the sender. For ex. i don't really trust Singlepoint very much (UK telco dealer, very very baaaad & part of the evil Caldwell group). 'My' email address as far as they are concerned is singlepoint@mydomain.com If they send me garbage, I just block mail to that address. Downside is that any rare babies are chucked out with the ocean of bathwater. Remember though, the 80/20 rule is your friend :)
Erm.. this is obviously no good if your main mailbox is @hotmail, but then you probably shouldn't be allowed to use the tinopener nevermind the computer.
As things are now, I have to check all bounce messages because I can't remember all the fake email addresses I've given out.
Catch-all addresses aren't a good idea. Just wait until some spammer tries a dictionary type attack on your server. It happened to me 3-4 years ago.
What I do is similar to what you do (individual email address for everything I register for), except that I use sendmail's alias feature. I simply create an alias to my main mail account. Once I start receiving spam to the alias, to the virtual shredder that address goes.
It's better to burn out than to fade away
"Is windows losing ground"
"Does SPAM Unsubscribing Really Work?"
Let me think about all this...well..."no" and "no".
____
nico
Nico-Live
Why would you possibly want to e-mail somebody who is do dumb that they have to use AOL[?]
Says the guy with the geocities webpage.
Calling your local known felon and ask not be bugularize or robbed...
"Hello, this is John Smith living at 1234 Any Street. I have a lot of valuables and carry a lot of cash on my person, please do not rob me or bugularize my house."
ELOI, ELOI, LAMA SABACHTHANI!?
But this has its downsides. I'm not in the spammer's databases only as menscher@uiuc.edu, but as menscher+blah@uiuc, menscher+foobar@uiuc, and menscher+measlemorp@uiuc. So I get duplicate spams sometimes.
oh, and this also works when someone dictionary attacks you. that's easy. if a username is sent to that CLEARLY doesn't exist on that box (dictionary or not) then block him.
but if its a dictionary username, then REALLY block him. ie, add him to your etc/rc startup file as a perm block entry (really).
for extra credit, keep track of the hits and age entries out that haven't been hit for a while. but with today's cpus being so fast, I'm not even sure I _need_ to age entries out. a ghz processor can process a LOT of acl's and still be good enough for an edge subnet router/firewall/mail/dns server. at peak, I've seen 4000 dynamic entries in my 'ipfw -at l' listing. no biggie..
--
"It is now safe to switch off your computer."
I know the unsubscribe link in emails sent from Emma work. Only legitimate email marketing (not spam) is sent through that system, but the unsubscribe works.
I also happen to know that clicking the "this is spam" in many ISP webmail clients works as well. Sometimes the email marketer is notified to stop sending email to that address. It all can happen very automatically, and in a way "this is spam" is like a trusted opt out, with penalties if the emailer doesn't listen to requests.
-Jackson
It all comes down to who you submitted it to, and if they can really be trusted.
Some will share your email, and their 'partners' will also honor remove requests.
The really bad offenders I find are those that try to sell prescription drugs (viagra, etc., and other more generic stuff as well), the dept management/morgage spammers, and that id-10-t that thinks I need another diploma. For the morgage stuff I actually let them call me and tell them their lead finder is a spammer and I'll send bill them $100/email (since they're clearly associated to them) for the privilege.
It all comes down to being careful who you submit your address to / post it. Best to have a few emails, the usual 1 for friends, 1 for businesses, and 1 or more for throw-away.
And you can easily track them who is who by using some email services like spamgourmet.com - it's acutally fun somtimes.
AC comments get piped to
My concern with using unsubscribe links is that I would effectively be testifying to a lie. Someone sends me a spam, claiming that I opted-in and offering me a way to opt-out. If I go ahead and opt-out then it could be argued that I am showing my trust for this person, which would make it difficult to accuse them of lying in the first place.
I can't immediately think of any reason why this would be harmful on an individual basis, but over time, with hundreds of spammers being able to claim that I have shown trust for them, I fear this could come back to haunt me.
I was curious about this several years ago, so I decided that for every single spam sent to my netscape.net account, I would go through the unsubscribe process. I have been doing this religiously for about three years now. The volume of spam has slowly but steadily increased during that time. Half the unsub links are broken, and those that are typically send me five copies of the same message. The ones that do listen go away, but that doesn't matter. It's the ones that don't that constantly increase as the list is sold again and again. It is sort of like using antibiotics against infection. It works for a little while, but then you weed out the stoppable ones and the more hardy strains remain and thrive. Keep in mind I've been doing this for over three years now. Opt-out does not work.
spamtrap@ripserve.com a test honeypot address. do spambots crawl at -1?
I'm on (many) fully connfirmed discussion lists - one went several months without a message and then someone sent something and a discussion started, but even in that list someone screamed "I never signed up for this list! Stop spamming me or I'll sue!" They can scream all they want because the list owner has kept all the original confirmation responses over the years where they added themself[1] to the list. It's possible the original subscriber cancelled the address and someone else got a new account with the address, but it's more likely the person forgot they subscibed.
1. Yes I know that's a very odd word I used in an attempt to not use "himself or herself." Has English yet evolved so there's a cleaner way to do that?
Tag lost or not installed.
P.S. I know you can get my domain from looking at my profile, but I figured I keep the example simple by using [mydomain.com].
;o)
Get with the program - RFC 2606 clearly says that example.com has been set aside specifically for this purpose.
I've entered uce@ftc.gov into several spammers' "opt-out" webpages, and they all come back with "Thank you. uce@ftc.gov has been removed from our list." Yeah, right.
I had a work address from 1994 to 2000 - it got spam starting in 1995 (from a Usenet posting), I learned to read headers and report spam in 1997, and by vigorous reporting of every spam I got, I reduced my spams from about 60 per month to about 2 or 3 per month. I suspect my address ended up on a list of "vicious antispammers" and most (of the 'smarter') spammers filtered their lists against such "do-not-spam" lists. They certainly didn't stop using the '67 million emails' CD's just because I was reporting spams...
A truly legitimate unsubscribe system would say:
"You've been sent an unsubscribe email with a unique token. You must reply to the email with the token to complete the unsubscribe process. This his is to prevent unscrupulous persons from unsubscribing others without their permission."
and it should say that whether the address is in the system or not. If the address is in the list, the email with token will be sent, otherwise it will be ignored. Of course, the only systems that will implement this are ones where significant "unsubscribe" abuse has happened, such as yahoogroups.com (which hosts a large number of email lists).
Tag lost or not installed.
I do exactly as you describe, but mytimes@mydomain.com, e.g., gets forwarded to abuse@nytimes.com. I don't do this with all the one-time addresses I make up, but if I get at all suspicious about mail to that address, back to the offender it goes!
Sh*t Posing As Mail ... Nuff said.
Lagito ergo expectabo
No it does not. Spammers don't play fair. Here are my observations:
.gov site, hopefully bringing a lot of attention to them.
For every unsubscribe request, spammers may or may not actually unsubscribe.
Always, attempt to unsubscribe qualifies your address as a validated one.
Spammers always sell validated addresses to other spammers, whether they actually unsubscribed it or not.
Conclusion: after unsubscribe you always recieve more spam than before.
Best strategy is don't touch any spam links. Often they are encoded with uids associatable with your address somewhere in the wild.
Me builds a personal database of spam contractors (domains referenced by spam). An idea, those IP lists could be great for use in stealth nmap of a certain
There you are, staring at me again.
This website will trick a lot of spammers into taking you off their lists. Copy and paste a full message (in text mode) into their form. They get the real originating server from the headers and send a bunch of fake bounce messages to it. It worked like a charm for me!
I call bullshit. In fact as an anti-spam professional I know this is a load of crap. I have numerous domains I use for spamtraps and nothing else. I've scripted the seeding of hundreds of thousands of unique addresses for each domain (proper_pronoun@domain.tld) with these "remove" links. I've also seeded addresses with unique information that identified the "remove" form used to seed that particular list. I now get hundreds of thousands of pieces of spam per day on my spamtraps. Before I moved I was accepting and auto-reporting all that spam to NANAS and the FTC. When I moved I was forced to make the MX on all my spamtrap domains be localhost since I no longer had the bandwidth to accomodate the spew of spam. I can say with absolute certainty that "remove" forms DO NOT WORK. Anyone that uses them is an absolute idiot. If you know of any such idiot, lend them a hand and "unsubscribe" their address with every "remove" form you can find. If they're so sure it works then there shouldn't be any problem doing just that. I honestly can not believe that people actually think this works..
...and have had them accepted. I usually find out when they're accepted when the spam starts rolling into to the custom address I set up. The 419 scammer crowd shamelessly trawls slashdot.
FWIW, 22 minutes after posting to the main page is the record for the first spam to arrive