Slashdot Mirror

← Back to Stories (view on slashdot.org)

Does SPAM Unsubscribing Really Work?

Posted by Cliff on from the lowering-the-junk-mail-volume dept.

dacarr asks: "An associate on a mailing list I am on recalled an article (which he, in turn, does not recall), in which the author managed to reduce his spam some 80% by, of all things, using the provided 'unsubscribe' mechanism in the messages. This is totally counterintuitive to what most of us have learned (doing so was a spectacularly good way to actually *confirm* your address) - but perhaps this isn't the case anymore, based on this. Has anyone else had any luck as far as this goes? By following the aforementioned unsub links, said associate found a number of broken links and dead addresses (and one link that tried to create an attachment and email it out (which he stopped)), but after three days and 400 unsub links, he trimmed his spam levels 'from an average of 250 a day to just 40 today' - that's just around 17% of what he was getting. Maybe spammers are getting their act together and listening for a change." Do any of you have any anecdotal evidence to provide to confirm or contradict this? Have you been able to lower your spam volume by "unsubscribing"?

6 of 107 comments (clear)

  1. With high bandwidth, does it matter? by Sancho · · Score: 3, Interesting

    About the only reason it makes sense to need confirmed e-mail addresses is if you are a) fishing by putting together common names and numbers or b) needing to reduce your bandwidth costs. With bandwidth costs decreasing as much as they have and the use of zombie machines, what's the point in testing e-mails anymore? Plus, if you use an alias that doesn't have common names, most of the spam you get is probably your own doing--signing up to sites that sell your address, posting publicly where spammers can harvest, etc. In other words, these addresses are probably fairly well confirmed anyway. "Unsubscribe-harvesting" doesn't add anything to those unscrupulous spammers (thus shouldn't add to your spam) and thus can only decrease it when legitimate spammers allow you to opt-out.

    But since the OP asked for anecdotal evidence, my mom began clicking on every unsubscribe link she came across. She called me to tell me this (and I knee-jerked about what a horrible idea it was). Then she told me that her spam had decreased significantly since she'd begun unsubscribing, and .. well, I was surprised :) But there ya go.

  2. Re:Pure Luck? by AnwerB · · Score: 5, Interesting

    > When I unsubscribed (the ones which didn't bounce back, etc...), the amount of spam I started to receive grew expotentionally.

    You know, it might have just grown anyway, as the email address was copied from list to list...

    It might have been a good idea to do a control study, where you set up two emails, equally obscure and subscribe to the same sites. On one email unsub., and see what happens.

  3. Not entirely the same method, but effective anyway by Frambooz · · Score: 5, Interesting

    I have the "privilige" of owning my own domainname with unlimited email-addresses and, more importantly, a Catch-All address (e.g. mail to non existent mailboxes end up in the Catch-All address, which is, by choice, own email address).

    When I register on a page (New York Times, for instance), I simply enter a non-existent email address with the name of the service: newyorktimes@[mydomain.com]. Any email (passwords) sent to that address will end up in my personal inbox, and I can easily check to which address it was delivered originally (by checking the "To" field or scanning the headers of the message).

    The key part is that you can't use that address for ANY other purpose. Don't post it on forums, don't use it to subscribe to other services. If there's a spinoff-service from a site you're already registered to, and it requires you to register again, use a new address. It'll all end up in the same inbox anyway.

    This has two upsides: it's easy to create sorting-rules in my email client and, in relation to this /. article, once you start receiving spam on the 'fake' address (e.g. they sold your address to 3rd parties), that address is easily blocked by creating an auto-reply on my server whenever a message to newyorktimes@[mydomain.com] arrives.

    In fact, its even hard proof for them selling your message, so you can back-track the user agreement and see if they're allowed to do that.

    The big downside to this is that when you use a fake address for a public mailinglist, they can require you to send mail from that fake address. Then, you'll need a client that allows you to change the From-field in one way or another.

    My $0.02.

    P.S. I know you can get my domain from looking at my profile, but I figured I keep the example simple by using [mydomain.com].

    --
    No encryption can withstand the power of the Lucky Guess.
  4. Re:Not entirely the same method, but effective any by TheGratefulNet · · Score: 2, Interesting

    and I take it one step further.

    I run BSD on my domain and when I get 'bad' email hits, I have a realtime process that detects this and adds IPFW 'block' statements to cut that turkey off WHILE he's trying to smtp me. having my firewall and mail server on the same box lets me to this very realtime.

    so while someone tries to send to "sales@" or something equally guessy and dumb (for my domain), he gets ipfw'd and he doesn't even GET to try to talk to me ever again.

    it works. but only for small controlled sites.

    --

    --
    "It is now safe to switch off your computer."
  5. Re:Pure Luck? by Just+Some+Guy · · Score: 2, Interesting
    I created a honeypot email address

    Thanks. That would explain all of forged sandman@honeypot.net spams that I have to deal with.

    Yes, I own honeypot.net. About once a week, some jackass decides that "foo@honeypot.net" would be a splendid From: address, so I suddenly get thousands of bounce messages, whiny upset recipients, and other administrative hassles. My Sendmail reject list is growing longer by the month.

    --
    Dewey, what part of this looks like authorities should be involved?
  6. Re:People not using unsubscribe is a pain in the a by antispam_ben · · Score: 2, Interesting
    I agree absolutely with cmowire - just because someone at a convention gives you a business card with an email on it, that doesn't even mean the card belongs to the person who gave it to you. In ALL cases where an address is added to your list you should send ONLY a confirmation message telling something about the list with a unique tag. If you don't get a response (in a reasonable time such as three days, but you can tell them how to request another confirmation if they've been on vacation for a week), you need to delete the email as if you had never entered it into your system (or at best save it in a "failed to confirm" file for auditing purposes only). It's much too easy to add "someone else's email address" to uncomfirmed lists like yours - you can mean well but still be an unintending source of spam and mailbombing.

    I'm on (many) fully connfirmed discussion lists - one went several months without a message and then someone sent something and a discussion started, but even in that list someone screamed "I never signed up for this list! Stop spamming me or I'll sue!" They can scream all they want because the list owner has kept all the original confirmation responses over the years where they added themself[1] to the list. It's possible the original subscriber cancelled the address and someone else got a new account with the address, but it's more likely the person forgot they subscibed.

    1. Yes I know that's a very odd word I used in an attempt to not use "himself or herself." Has English yet evolved so there's a cleaner way to do that?

    --
    Tag lost or not installed.