Slashdot Mirror
Does SPAM Unsubscribing Really Work?
dacarr asks: "An associate on a mailing list I am on recalled an article (which he, in turn, does not recall), in which the author managed to reduce his spam some 80% by, of all things, using the provided 'unsubscribe' mechanism in the messages. This is totally counterintuitive to what most of us have learned (doing so was a spectacularly good way to actually *confirm* your address) - but perhaps this isn't the case anymore, based on this. Has anyone else had any luck as far as this goes? By following the aforementioned unsub links, said associate found a number of broken links and dead addresses (and one link that tried to create an attachment and email it out (which he stopped)), but after three days and 400 unsub links, he trimmed his spam levels 'from an average of 250 a day to just 40 today' - that's just around 17% of what he was getting. Maybe spammers are getting their act together and listening for a change." Do any of you have any anecdotal evidence to provide to confirm or contradict this? Have you been able to lower your spam volume by "unsubscribing"?
It reduced the flow for a month or two and then as soon as your email is selled again (with the added value of being verified) the spam comes again full strength :(
my 2c
that the only time this is a valid mechanism, is when the sender of the e-mail has gotten your address through a partner agreement with a website where you provided an e-mail address as part of registering.
The other possibility is that some spammers are still using the functionality to validate e-mail addresses, but as part of that action, they hide the fact from the recipient by suspending spam to the address for some weeks or even months before re-distributing the address to their buddies. As a result, the recipient thinks that the "unsubscribe" worked, but in the end gets even more spam.
Then again, I could be wrong. I am sitting at around 2-300 spam messages per day, if I see other reports that this is working, perhaps I will try it out as well.
-Rusty
You never know...
About the only reason it makes sense to need confirmed e-mail addresses is if you are a) fishing by putting together common names and numbers or b) needing to reduce your bandwidth costs. With bandwidth costs decreasing as much as they have and the use of zombie machines, what's the point in testing e-mails anymore? Plus, if you use an alias that doesn't have common names, most of the spam you get is probably your own doing--signing up to sites that sell your address, posting publicly where spammers can harvest, etc. In other words, these addresses are probably fairly well confirmed anyway. "Unsubscribe-harvesting" doesn't add anything to those unscrupulous spammers (thus shouldn't add to your spam) and thus can only decrease it when legitimate spammers allow you to opt-out.
.. well, I was surprised :) But there ya go.
But since the OP asked for anecdotal evidence, my mom began clicking on every unsubscribe link she came across. She called me to tell me this (and I knee-jerked about what a horrible idea it was). Then she told me that her spam had decreased significantly since she'd begun unsubscribing, and
Maybe it was shear luck? I tested this out about 6 months ago. I created a honeypot email address that appeared on a website for a total of 24 hours. Got a little bit of spam on the account. When I unsubscribed (the ones which didn't bounce back, etc...), the amount of spam I started to receive grew expotentionally. So in my personal experience, unsubscribing still does nothing more than confirm your email address.
It's better to burn out than to fade away
For what it's worth, I read an article similar to this one about a year ago. I clicked all the opt out links in my Yahoo account and continued to discard spam unread in my self-run account. I'm only one guy, which makes this statistically insignificant (and thus, it would be highly irresponsible to do something like writing an article about it!), but I can definitely confirm that the Yahoo spam skyrocketed while my other account stayed the same.
I vote we all go out and try this on a large scale to see if it works. I will be glad to compile the results when we're done.
Sincerely,
Alan Ralsky
CEO, Email Clearing House
Perhaps our friend here is sending out a few "marketing messages" as well?
Fox: "No, really, we only eat bugs and stuff."
Chicken: "Oh, really? Great! Lets do lunch"
Fox: "Muahahaha"
And what if this 'anecdotal article' was in fact posted by a spammer.
What better way to try and reassure people that unsubscribing via the link in a spam email works and therefore get even more unsuspecting people to verify their addresses?
I have the "privilige" of owning my own domainname with unlimited email-addresses and, more importantly, a Catch-All address (e.g. mail to non existent mailboxes end up in the Catch-All address, which is, by choice, own email address).
/. article, once you start receiving spam on the 'fake' address (e.g. they sold your address to 3rd parties), that address is easily blocked by creating an auto-reply on my server whenever a message to newyorktimes@[mydomain.com] arrives.
When I register on a page (New York Times, for instance), I simply enter a non-existent email address with the name of the service: newyorktimes@[mydomain.com]. Any email (passwords) sent to that address will end up in my personal inbox, and I can easily check to which address it was delivered originally (by checking the "To" field or scanning the headers of the message).
The key part is that you can't use that address for ANY other purpose. Don't post it on forums, don't use it to subscribe to other services. If there's a spinoff-service from a site you're already registered to, and it requires you to register again, use a new address. It'll all end up in the same inbox anyway.
This has two upsides: it's easy to create sorting-rules in my email client and, in relation to this
In fact, its even hard proof for them selling your message, so you can back-track the user agreement and see if they're allowed to do that.
The big downside to this is that when you use a fake address for a public mailinglist, they can require you to send mail from that fake address. Then, you'll need a client that allows you to change the From-field in one way or another.
My $0.02.
P.S. I know you can get my domain from looking at my profile, but I figured I keep the example simple by using [mydomain.com].
No encryption can withstand the power of the Lucky Guess.
Hormel keeps sending me those cans of spiced ham, even though I've asked them to stop at least five times now.
Really, what's with the uppercase? Is "spam" an acronym now?
If you don't happen to have your own domain, you can get the same benefits you described by setting up a Spamgourmet account.
You create throwaway addresses on the fly (just make them up - no logging in) and email gets forwarded to your real address. Works great for addresses you only expect to receive a few emails from (like when registering for NYT, etc), as the address automatically expires once you receive a certain number of emails. If you want to continually receive email at that address, you can specify an exclusive sender (by email address or domain) to allow email to come in indefinitely.
Works great and is free too.
Beauty is in the eye of the beerholder.