Slashdot Mirror


Do Unsubscribe Links Stop Spam?

Kaiten writes "Brian McWilliams of Spam Kings fame has just published a fascinating spammer exposé over at Salon. Using a pseudonym, he was hired to send junk email on behalf of a spam operation that has been burying people (me included) with spam for fake Rolex watches. The article details how the spammers handle the 200,000-plus unsubscribe requests they get each month. Seems that LOTS of geeks actually cross their fingers and click those remove links. And, surprise, surprise, the spammers usually ignore the unsubscribe requests."

5 of 521 comments (clear)

  1. Don't do it! by sjrstory · · Score: 5, Informative

    A reply confirms there is a live person behind the email address. And for those with a HTML-enabled email client, a cleverly placed (and sized, ie 1 pixel) embedded image to an external site with a unquie string keyed to your email address is yet another trick spammers have for confirming your address.

    1. Re:Don't do it! by zerocool^ · · Score: 5, Informative

      Newsflash.

      If you install Service Pack 2, Outlook Express does too.

      --
      sig?
  2. MIT Spam Conference by JohnGrahamCumming · · Score: 5, Informative

    And if you like what you read you can come and hear the author speak at the MIT Spam Conference on January 21.

    John.

  3. So you dont have to watch the Ad.... by Anonymous Coward · · Score: 5, Informative
    Dec. 14, 2004 | Casper Jones is the head of BlackMarketMoney.com, a spam operation that's been pelting the Internet with junk e-mail for fake Rolex watches. I'm almost positive his name is a pseudonym. But does he know that Chris Smith is not my real name?

    That's how I introduced myself last month, when I sent Casper an e-mail asking to join his spamming crew. I fibbed to him that I was a full-time bulk e-mailer looking for a new sponsor. I said that one of my business associates had recommended his program. (For authenticity, I lightly sprinkled typos and grammatical errors throughout the message.)

    I wanted to be one of Casper's sales affiliates. In today's world of spam, a sales affiliate sends out junk mail on behalf of a spam-site operator or "sponsor," who assigns the affiliate a special tracking code to include in his e-mail ads. For every sale the affiliate's spams generate, he is paid a commission by the site operator. Sponsors also provide "remove" lists, spamming software, and other support to help their affiliates successfully market the site.

    Since September, Casper and his associates had been clogging my various e-mail accounts with ads for a watch shop called Royal-Replicas.com (formerly onlinereplicastore.com). I filed several complaints with the Chinese Internet service provider hosting the site, to no avail.

    I suppose I could have just clicked the "unsubscribe" links in the dozen or so spams they sent me every day. But I didn't trust these people one bit. I was sure that if I could get inside Casper's operation, I would find hard evidence confirming what savvy Internet users instinctively know: Trying to unsubscribe from spam is a fool's game.

    Just look at the place. Royal-Replicas.com provides no physical mailing address in its junk e-mails or at the site. The domain's registration record lists someone in Spain as the owner. The site is hosted on a server in China, but the order page cites prices in Indian rupees as well as U.S. dollars. The headers of the spams reveal that many have been sent via "zombied" home computers. Even the headers of Casper's private e-mails are a fraud. (He routed all his messages to me through proxy computers in South Korea.)

    The "About Us" page at Royal-Replicas.com doesn't help much, either. It contains little more than a bizarre rationale for buying its $300 knockoffs rather than the real thing: "Many people purchase watches that cost thousands of dollars and render the wearer liable to get their hand chopped off while walking home from a posh cocktail party."

    Bulk e-mailers are required to honor list-removal requests under the U.S. CAN-SPAM law. But still it's common knowledge that clicking an unsubscribe link or handing over your e-mail address on a junk e-mailer's remove page is insane. The U.S. Computer Emergency Readiness Team (US-CERT) warns that unsubscribe links are "often just a method for collecting valid addresses that are then sent other spam." The FTC has sent warning letters to at least 77 marketers for their failure to honor unsubscribe requests.

    Sure, a few spammers might take your name off to avoid trouble. But to most, you're merely confirming that they've found a live one. Next thing you know, they'll have sold your e-mail address to other spammers as "validated" -- or, in other words, ready for spamming.

    At least, that's what I thought until Casper brought me onboard. My undercover mission into the heart of fake-Rolex spam didn't turn out exactly as I had expected.

    I tried flattering Casper in my e-mails, gushing that he had astutely tapped into a timely and lucrative spamming niche. (You could probably find similar watches on the streets of Chinatown for $25, but hey, some people prefer the convenience of holiday shopping from home.) But Casper doesn't let just anyone join BlackMarketMoney.com. After I sent my introductory e-mail as "Chris Smith" from a free webmail account I had created, he asked to know the name of the person who had referred m

  4. Re:That's easy... by BMcWilliams · · Score: 5, Informative

    Fwiw, if you make it to the end of the article, you'll see that the Rolex spammers actually DID remove me from their lists. (Don't try this at home.)