Slashdot Mirror


Does SPAM Unsubscribing Really Work?

dacarr asks: "An associate on a mailing list I am on recalled an article (which he, in turn, does not recall), in which the author managed to reduce his spam some 80% by, of all things, using the provided 'unsubscribe' mechanism in the messages. This is totally counterintuitive to what most of us have learned (doing so was a spectacularly good way to actually *confirm* your address) - but perhaps this isn't the case anymore, based on this. Has anyone else had any luck as far as this goes? By following the aforementioned unsub links, said associate found a number of broken links and dead addresses (and one link that tried to create an attachment and email it out (which he stopped)), but after three days and 400 unsub links, he trimmed his spam levels 'from an average of 250 a day to just 40 today' - that's just around 17% of what he was getting. Maybe spammers are getting their act together and listening for a change." Do any of you have any anecdotal evidence to provide to confirm or contradict this? Have you been able to lower your spam volume by "unsubscribing"?

27 of 107 comments

  1. I tried it once by IIEFreeMan · · Score: 4, Informative

    It reduced the flow for a month or two and then as soon as your email is sold again (with the added value of being verified) the spam comes again full strength :(

    my 2c

    1. Re:I tried it once by Jahf · · Score: 5, Informative

      This is exactly my experience. About a year ago I decided to unsub from SPAM whenever it came in.

      After about a month of effort, I reduced my SPAM by more than 1/2 for a short while. Within 3 months I was at a higher level than before.

      Just because you unsub from the SPAM source doesn't mean your address is removed from the databases / CDs that the SPAM source purchased. It is the harvesters that are truly evil.

      And I have a number of addresses that have never been published and yet occasionally show up with SPAM. I wouldn't be surprised if the harvesters are making use of Outlook addressbook exploits to further harvest.

      --
      It is more productive to voice thoughtful opinions (reply) than to judge (moderate) others.
  2. My own suspicion is... by rusty0101 · · Score: 5, Insightful

    that the only time this is a valid mechanism, is when the sender of the e-mail has gotten your address through a partner agreement with a website where you provided an e-mail address as part of registering.

    The other possibility is that some spammers are still using the functionality to validate e-mail addresses, but as part of that action, they hide the fact from the recipient by suspending spam to the address for some weeks or even months before re-distributing the address to their buddies. As a result, the recipient thinks that the "unsubscribe" worked, but in the end gets even more spam.

    Then again, I could be wrong. I am sitting at around 2-300 spam messages per day, if I see other reports that this is working, perhaps I will try it out as well.

    -Rusty

    --
    You never know...
    1. Re:My own suspicion is... by kenthorvath · · Score: 2, Insightful

      I don't understand how people claim to get 100's of spam messages per day. The most I've ever gotten, I think was perhaps 10, which is a rarity. In fact, most of the email I get is from companies that I actually agreed to them sending me email. Now I've had an email address since the early 90's. I've even subscribed to a few porn sites in the past and posted my address on numerous usenet posts. Nowadays I'm mostly careful, but the fact still remains that spam has never been a problem for me. Are there other people like me out there? And if you do get plagued by spam, do you know what triggered it?

  3. With high bandwidth, does it matter? by Sancho · · Score: 3, Interesting

    About the only reason it makes sense to need confirmed e-mail addresses is if you are a) fishing by putting together common names and numbers or b) needing to reduce your bandwidth costs. With bandwidth costs decreasing as much as they have and the use of zombie machines, what's the point in testing e-mails anymore? Plus, if you use an alias that doesn't have common names, most of the spam you get is probably your own doing--signing up to sites that sell your address, posting publicly where spammers can harvest, etc. In other words, these addresses are probably fairly well confirmed anyway. "Unsubscribe-harvesting" doesn't add anything to those unscrupulous spammers (thus shouldn't add to your spam) and thus can only decrease it when legitimate spammers allow you to opt-out.

    But since the OP asked for anecdotal evidence, my mom began clicking on every unsubscribe link she came across. She called me to tell me this (and I knee-jerked about what a horrible idea it was). Then she told me that her spam had decreased significantly since she'd begun unsubscribing, and .. well, I was surprised :) But there ya go.

  4. Pure Luck? by Sandman1971 · · Score: 4, Informative

    Maybe it was sheer luck? I tested this out about 6 months ago. I created a honeypot email address that appeared on a website for a total of 24 hours. Got a little bit of spam on the account. When I unsubscribed (the ones which didn't bounce back, etc...), the amount of spam I started to receive grew exponentially. So in my personal experience, unsubscribing still does nothing more than confirm your email address.

    --
    It's better to burn out than to fade away
    1. Re:Pure Luck? by AnwerB · · Score: 5, Interesting

      > When I unsubscribed (the ones which didn't bounce back, etc...), the amount of spam I started to receive grew exponentially.

      You know, it might have just grown anyway, as the email address was copied from list to list...

      It might have been a good idea to do a control study, where you set up two emails, equally obscure and subscribe to the same sites. On one email unsub., and see what happens.

    2. Re:Pure Luck? by Just+Some+Guy · · Score: 2, Interesting

      > I created a honeypot email address

      Thanks. That would explain all of the forged sandman@honeypot.net spams that I have to deal with.

      Yes, I own honeypot.net. About once a week, some jackass decides that "foo@honeypot.net" would be a splendid From: address, so I suddenly get thousands of bounce messages, whiny upset recipients, and other administrative hassles. My Sendmail reject list is growing longer by the month.

      --
      Dewey, what part of this looks like authorities should be involved?
    3. Re:Pure Luck? by Just+Some+Guy · · Score: 2, Informative

      By the way, the first line of my reply was lacking the /> tag that seemed obvious at the time. I didn't really think that you used an address at honeypot.net.

      --
      Dewey, what part of this looks like authorities should be involved?
  5. Unsubscribe links make cash by mcgroarty · · Score: 5, Informative

    You'll find that a lot of the spammers present a load of banners on the unsubscribe page. There are still banner advertisers willing to pay per impression instead of per click, believe it or not, and this is one way of getting those in everybody's face.

    For what it's worth, I read an article similar to this one about a year ago. I clicked all the opt out links in my Yahoo account and continued to discard spam unread in my self-run account. I'm only one guy, which makes this statistically insignificant (and thus, it would be highly irresponsible to do something like writing an article about it!), but I can definitely confirm that the Yahoo spam skyrocketed while my other account stayed the same.

  6. Re:I've been thinking about doing this by AnwerB · · Score: 5, Funny

    I vote we all go out and try this on a large scale to see if it works. I will be glad to compile the results when we're done.

    Sincerely,

    Alan Ralsky
    CEO, Email Clearing House

  7. Hmm... by rehannan · · Score: 4, Funny

    Perhaps our friend here is sending out a few "marketing messages" as well?

    Fox: "No, really, we only eat bugs and stuff."
    Chicken: "Oh, really? Great! Let's do lunch"
    Fox: "Muahahaha"

  8. Do not attempt this, you will get more spam by sa3 · · Score: 2, Informative

    I "unsubscribed" a unique spam trap email address and it started receiving spam a few months later.

  9. Red Herring? by icerunner · · Score: 4, Insightful

    And what if this 'anecdotal article' was in fact posted by a spammer.

    What better way to try and reassure people that unsubscribing via the link in a spam email works and therefore get even more unsuspecting people to verify their addresses?

  10. Not entirely the same method, but effective anyway by Frambooz · · Score: 5, Interesting

    I have the "privilege" of owning my own domain name with unlimited email addresses and, more importantly, a Catch-All address (e.g. mail to non-existent mailboxes ends up in the Catch-All address, which is, by choice, my own email address).

    When I register on a page (New York Times, for instance), I simply enter a non-existent email address with the name of the service: newyorktimes@[mydomain.com]. Any email (passwords) sent to that address will end up in my personal inbox, and I can easily check to which address it was delivered originally (by checking the "To" field or scanning the headers of the message).

    The key part is that you can't use that address for ANY other purpose. Don't post it on forums, don't use it to subscribe to other services. If there's a spinoff-service from a site you're already registered to, and it requires you to register again, use a new address. It'll all end up in the same inbox anyway.

    This has two upsides: it's easy to create sorting-rules in my email client and, in relation to this /. article, once you start receiving spam on the 'fake' address (e.g. they sold your address to 3rd parties), that address is easily blocked by creating an auto-reply on my server whenever a message to newyorktimes@[mydomain.com] arrives.

    In fact, it's even hard proof for them selling your message, so you can back-track the user agreement and see if they're allowed to do that.

    The big downside to this is that when you use a fake address for a public mailing list, they can require you to send mail from that fake address. Then, you'll need a client that allows you to change the From-field in one way or another.

    My $0.02.

    P.S. I know you can get my domain from looking at my profile, but I figured I'd keep the example simple by using [mydomain.com].

    --
    No encryption can withstand the power of the Lucky Guess.
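
One way to automate the per-service address check described in the comment above, as an added example that is not part of the original comment. The domain `mydomain.example`, the `EXPECTED` map and all function names are assumptions made for illustration, and the sample messages are constructed.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

MY_DOMAIN = "mydomain.example"  # assumption: placeholder for the catch-all domain

# Assumption: alias local part -> domains that service legitimately mails from.
EXPECTED = {"newyorktimes": {"nytimes.com"}, "bookshop": {"bookshop.example"}}

def delivered_alias(msg):
    """Local part at MY_DOMAIN this mail was addressed to, or None."""
    fields = []
    # Delivered-To / X-Original-To are written by the receiving MTA (when it is
    # configured to add them); To and Cc are the fallback the comment mentions.
    for name in ("Delivered-To", "X-Original-To", "To", "Cc"):
        fields.extend(msg.get_all(name, []))
    for _, addr in getaddresses(fields):
        local, _, domain = addr.rpartition("@")
        if local and domain.lower() == MY_DOMAIN:
            return local.lower()
    return None

def classify(raw):
    """Return (alias, verdict): 'expected', 'leaked', 'guessed' or 'unaddressed'."""
    msg = message_from_string(raw)
    alias = delivered_alias(msg)
    if alias is None:
        return None, "unaddressed"
    allowed = EXPECTED.get(alias)
    if allowed is None:
        return alias, "guessed"  # never handed out to any service
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    ok = any(sender == d or sender.endswith("." + d) for d in allowed)
    return alias, "expected" if ok else "leaked"

def leaked_aliases(raw_messages):
    """Aliases that received mail from outside their service: candidates to block."""
    return sorted({a for a, v in map(classify, raw_messages) if v == "leaked"})

# Constructed sample messages (not real mail).
SAMPLES = [
    "Delivered-To: newyorktimes@mydomain.example\nFrom: NYT <news@email.nytimes.com>\nSubject: Your account\n\nhi\n",
    "Delivered-To: newyorktimes@mydomain.example\nFrom: deals@pills.example\nSubject: Cheap\n\nbuy\n",
    "To: sales@mydomain.example\nFrom: x@bulk.example\nSubject: Offer\n\nbuy\n",
    "To: BookShop@MyDomain.example\nFrom: orders@bookshop.example\nSubject: Receipt\n\nthanks\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(classify(raw))
    print("block:", leaked_aliases(SAMPLES))
```

The From header is set by the sender, so an "expected" verdict is only a hint; a "leaked" verdict is the useful signal, because that alias was given to exactly one party.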
  11. Wouldn't recommend this method by NeverEnoughTime · · Score: 2, Insightful

    While the slashdot brethren might be able to intelligently pick apart some message headers and the unsub link to see if there is any legitimacy to it, we all know that the average user has nowhere near that level of sophistication. Trying to get your average user to stop and think about where the unsub link is taking them is like trying to convince them that they shouldn't open attachments from e-mail addresses they don't recognize.

  12. No, it doesn't by lightspawn · · Score: 3, Funny

    Hormel keeps sending me those cans of spiced ham, even though I've asked them to stop at least five times now.

    Really, what's with the uppercase? Is "spam" an acronym now?

    1. Re:No, it doesn't by Blakey+Rat · · Score: 4, Informative

      Not that anyone on Slashdot cares, but the proper way of using "spam" to refer to unwanted email is to use normal capitalization, i.e. "spam" or "Spam" and *not* all-caps, as the SPAM meat product's trademark is all-caps.

      The SPAM and the Internet FAQ is located here:
      http://spam.com/ci/ci_in.htm

  13. Re:Not entirely the same method, but effective any by MarkGriz · · Score: 4, Informative

    If you don't happen to have your own domain, you can get the same benefits you described by setting up a Spamgourmet account.

    You create throwaway addresses on the fly (just make them up - no logging in) and email gets forwarded to your real address. Works great for addresses you only expect to receive a few emails from (like when registering for NYT, etc), as the address automatically expires once you receive a certain number of emails. If you want to continually receive email at that address, you can specify an exclusive sender (by email address or domain) to allow email to come in indefinitely.

    Works great and is free too.

    --
    Beauty is in the eye of the beerholder.
  14. Re:Not entirely the same method, but effective any by harrkev · · Score: 2, Funny

    Yes. Sit back and laugh. You seem like an intelligent person. Why would you possibly want to e-mail somebody who is so dumb that they have to use AOL? If you ask me, they are doing you a favor.

    This also keeps your e-mail address out of the computers that are most likely to pick up trojans, spyware, and viruses.

    --
    "-1 Troll" is apparently the same as "-1 I disagree with you."
  15. Re:Not entirely the same method, but effective any by TheGratefulNet · · Score: 2, Interesting

    and I take it one step further.

    I run BSD on my domain and when I get 'bad' email hits, I have a realtime process that detects this and adds IPFW 'block' statements to cut that turkey off WHILE he's trying to smtp me. having my firewall and mail server on the same box lets me do this very realtime.

    so while someone tries to send to "sales@" or something equally guessy and dumb (for my domain), he gets ipfw'd and he doesn't even GET to try to talk to me ever again.

    it works. but only for small controlled sites.

    --
    "It is now safe to switch off your computer."
  16. Re:Yes, it works. by jqh1 · · Score: 2, Informative

    use spamgourmet, then you don't have to worry about the checkboxes.

    [disclaimer: I'm associated with spamgourmet -- if that bugs you, please *don't* follow the link :) ]

    --
    who's moderating the meta-moderators?
  17. Re:I've had good success with this. by Alwin+Henseler · · Score: 2, Funny

    "This seems to work for legit spammers"

    Legit spammers? Do they exist?
    Is it legal to use "legit" and "spammers" in one sentence?

  18. People not using unsubscribe is a pain in the ass. by sideshow · · Score: 2, Insightful

    I work for an online incorporator (we form corporations, LLC's, etc.). We maintain an email list that includes past clients, people who sign up for our newsletter, people who give us business cards at expos, etc. We send out about 5 emails a month.

    Each time we send an email out dozens of people call us to bitch about it. We've been accused of "domestic terrorism" more than once. People scream about receiving emails for the last three months. I'd like to ask them why the hell they waited until the 15th email to complain and why they never unsubscribe, but I know better.

    --

    Hollow words will burn and hollow men will burn.

  19. Re:People not using unsubscribe is a pain in the a by cmowire · · Score: 2, Insightful

    Well, that's why you should be doing confirmed opt-in, not just mailing folks who "should" get mail. Back in "the day", this wasn't such a problem, and I do sympathize with you. This is really the spammers ruining things for everybody else. So you want to make the user give you a response with a unique token to confirm that they want on.

    The problem is, there's nothing you can do to assure legitimacy that spammers don't abuse. A good chunk of spam assures you at the bottom of the message that you really did subscribe to their list, so people just don't believe it. And people will forget astonishingly fast that they gave you their address.

  20. Spam Unsubscribing is like... by Lead+Butthead · · Score: 2, Funny

    Calling your local known felon and asking not to be burglarized or robbed...

    "Hello, this is John Smith living at 1234 Any Street. I have a lot of valuables and carry a lot of cash on my person, please do not rob me or burglarize my house."

    --
    ELOI, ELOI, LAMA SABACHTHANI!?
  21. Re:People not using unsubscribe is a pain in the a by antispam_ben · · Score: 2, Interesting

    I agree absolutely with cmowire - just because someone at a convention gives you a business card with an email on it, that doesn't even mean the card belongs to the person who gave it to you. In ALL cases where an address is added to your list you should send ONLY a confirmation message telling something about the list with a unique tag. If you don't get a response (in a reasonable time such as three days, but you can tell them how to request another confirmation if they've been on vacation for a week), you need to delete the email as if you had never entered it into your system (or at best save it in a "failed to confirm" file for auditing purposes only). It's much too easy to add "someone else's email address" to unconfirmed lists like yours - you can mean well but still be an unintending source of spam and mailbombing.

    I'm on (many) fully confirmed discussion lists - one went several months without a message and then someone sent something and a discussion started, but even in that list someone screamed "I never signed up for this list! Stop spamming me or I'll sue!" They can scream all they want because the list owner has kept all the original confirmation responses over the years where they added themself[1] to the list. It's possible the original subscriber cancelled the address and someone else got a new account with the address, but it's more likely the person forgot they subscribed.

    1. Yes I know that's a very odd word I used in an attempt to not use "himself or herself." Has English yet evolved so there's a cleaner way to do that?

    --
    Tag lost or not installed.
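
The confirmed opt-in procedure described by cmowire and antispam_ben in this thread, as an added example that is not part of the original comments. The class and method names are hypothetical, storage is in memory, and keeping only a digest of the token is an assumption of this example; the three-day window is the one suggested in the comment above.

```python
import hashlib
import hmac
import secrets
from datetime import timedelta

CONFIRM_WINDOW = timedelta(days=3)  # "a reasonable time such as three days"

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

class OptInList:  # hypothetical name; in-memory storage for illustration
    def __init__(self):
        self.pending = {}    # address -> (token digest, time requested)
        self.confirmed = {}  # address -> time confirmed, kept as the audit record

    def request(self, address, now):
        """Register a signup; return the unique token for the confirmation mail."""
        address = address.strip().lower()
        if address in self.confirmed:
            return None  # already confirmed: nothing to send
        token = secrets.token_urlsafe(24)
        # Assumption of this example: store only a digest, so a leaked
        # pending table cannot be used to confirm other people's addresses.
        self.pending[address] = (_digest(token), now)
        return token

    def confirm(self, address, token, now):
        """True only for the right token, for this address, inside the window."""
        address = address.strip().lower()
        entry = self.pending.get(address)
        if entry is None:
            return False
        digest, requested = entry
        if now - requested > CONFIRM_WINDOW:
            del self.pending[address]  # expired: as if it was never entered
            return False
        if not hmac.compare_digest(digest, _digest(token)):
            return False
        del self.pending[address]
        self.confirmed[address] = now
        return True

    def purge_expired(self, now):
        """Drop unanswered signups; returns the addresses removed."""
        old = sorted(a for a, (_, t) in self.pending.items() if now - t > CONFIRM_WINDOW)
        for a in old:
            del self.pending[a]
        return old

    def recipients(self):
        """Only confirmed addresses are ever mailed."""
        return sorted(self.confirmed)
```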