Slashdot Mirror
Do Unsubscribe Links Stop Spam?
Kaiten writes "Brian McWilliams of Spam Kings fame has just published a fascinating spammer exposé over at Salon. Using a pseudonym, he was hired to send junk email on behalf of a spam operation that has been burying people (me included) with spam for fake Rolex watches. The article details how the spammers handle the 200,000-plus unsubscribe requests they get each month. Seems that LOTS of geeks actually cross their fingers and click those remove links. And, surprise, surprise, the spammers usually ignore the unsubscribe requests."
expect the unsubscribe link to work?
Using the link will
a. confirm your address
b. be ignored / or removed from that 'particular' offer list
c. added to 100s of other lists
unsubscribe is a bit fuzzy
spammer may unsubscibe you from one list, company or offer while adding you to many others
riiiiiiiiiiiiight..... and next time someone steals your wallet, send them a polite letter asking them not to use the cards and return it immediately :)
That sounds more like the usual WebObjects bugs...
Do Unsubscribe Links Stop Spam?
While they don't exactly stop spam, they do prove useful. You can immediately sort possible-spam by whether it offers an unsubscribe option. If it doesn't have it, it's definitely spam. If it does have an unsubscribe link, it's either legit (newsletter perhaps), or spam disguised with a fake unsubscribe. While the fake unsubscribe doesn't really help the end user, it offers a way to track and prosecute those who violate CANSPAM which requires that the unsubscribe option be present in some form, and that it work.
Slashdot Syndrome: the sudden, extreme urge to correct someone in order to validate one's self.
WHich just so happens to prove the submitter is wrong in his assumption that any geek would actually click the "Unsubscribe" link. Any geek that displays external images or clicks on such a link needs to have his head examined unless he or she actually wants more spam.
No, I know for sure that they don't help. For years I have been trying to get MORE spam. The main way I have done this has been unsubscribing from lists! In fact, I even "unsubscribe" an address that was never subscribed. Indeed, that new address is now getting plenty of spam.
Unsubscribing from spammer's sites will get you more spam. Unsubscribing from mailing lists will work, of course, but mailing lists != spam.
You must be new....uh....to spam :)
It would be cool if it didn't suck.
At the very least, however, the same laws which apply to telemarketers should apply to spammers. If I remember correctly, here in the States, if someone recieves a telemarketing call and requests to be removed from the telemarketers' list of numbers, the telemarketing company is required by law to remove that number from their list. The same thing should apply to spammers, and be enforcable with (at the very least) heavy fines.
Many Bothans died to bring you this sig.
Yea it is nice. But unfortunatly I wish I had a feature to select all my spam. and forward it to spam@ftc.gov keeping all the headers.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Some people say spammers don't clean up their lists of email addresses of the ones that bounce.
If this is true, then why would they bother with confirming that each address is "live"?
I believe that a very small majority of spammers go through with the efforts of tracking their "spamees". What incentive do they have to clean up their e-mail lists? Why take a chance of eliminating any possible "spamees"? Do they really care if they send out 500,000 spams instead of 750,000 spams? Of course not.
That may have been the case in the past, but it certainly isn't now.
In the past you would get a little spam from a lot of sources, now you get a ton of spam from just a few sources, and these sources are very good at what they do. It's their business.
Many of them have invested countless hours in custom tools to improve their profitability and the ease with which they spam.
There are exceptions to this, of course.
But as evidence that they are very proactive in grooming their lists, see the recent Slashdot story that turning off your mail server for just one day will get you removed from 90%+ of spam lists. That is a very fast response, and does not indicate laziness or complacency.
Lose Weight and Feel Great with Isagenix
Sigh Assuming by "geeks," you're referring-to computer geeks: Real geeks don't click remove links.
Real (computer) geeks don't use MS Windows. Real computer geeks don't program in some variation of BASIC. And very few real geeks bother with /. anymore, cuz /. is mostly inhabited by geek wannabe's.
Much of McWilliams' spammer expose' book is only marginally based on reality, btw. (Real geeks already knew this.)
You must not be involved in business or dealing with the public. That's nice. Here on planet "not living in our parents' basement," we need to let people know what our email address is and have that email address be there for a while.
The second part of that might actually be true.
Now before I get modded down, I be to remind whoever might read this that what I am saying is FACT. - bogaboga
An uncontrolled experiment. You don't know that the 400% jump was due to the unsubscribe link. You should have created two addresses simultaneously, one where you clicked a link and one where you didn't, and compared.
Perhaps the service providers / hosting companies removed them before you got a chance to check out their products.
Just wait for one of your friends to be infected by trojan.
I have email address that is not listed anywhere and should be used only by some friends in order to contact me quickly, but it started getting spam after one friend got mail trojan.
Seriously, just watch the ad. Salon isn't attempting to gather information from you like NYTimes or San Jose Mercury News does with their lockout schemes.
You watch a short ad. Big deal. Delete the cookie afterward if you're paranoid. I wish the other online newspapers would see the merits of this model.
Posting the content on slashdot like this just hurts the chance you'll see other registration-only papers switch to this relatively benign method of getting revenue.
Two years ago, it had gotten to the point that I was getting over 200 pieces of spam a day, and not the yummy kind that comes in a tin. Before initiating an email address change, I decided to try an experiment: see if clicking those unsubscribe links actually did anything. So, for one week, I followed the unsubscribe instructions on every piece of spam I got. The result: a 2/3 reduction in spam. That's pretty significant, but hardly worth the effort in my case, as I was still getting dozens of piece of spam a day, and unless you keep up with the unsubscribing, it just goes back up to the previous level within a few weeks, anyway.
So, yeah, you CAN reduce the amount of spam, but it becomes a regular maintenance task every day, and really isn't worth it in the end.
My advice: get your own domain and handle your own email accounts. Create special ones that simply forward to your main email address, to use on sites that require an email address for full functionality, and when you start getting spam, you know where it came from, and can shut that particular email forwarder down. It's a bit of a pain, but a LOT LESS pain than trying to unsubscribe from spam.
Obviously, anti spam tools like bayesian filters and what-not are always a good idea, but can let spam get through, and can block some wanted emails.
YMMV (but probably won't).
Actually...I hate to tell you guys this, but most spammers use those unsubscribe requests all right. They use them to verify that the email address is active, and it goes into a higher priority hit list. Even if they're in the US where the law says they must honor your unsub request, there's nothing that says they can't sell the information to other spammers that this is an actively used email address with a real live person on the other end of it.
About 18 months ago I did a little experiment. I set up my own junk inboxes at different email services and started handing them out. Three of them I unsub'd every spam email I got, and the other three I didn't. Guess which one eventually ended up getting buried in 10 times more spam...
I have a friend that is quite intelligent. He did a spin on the same idea, and I recommend it to anyone that wants to cut their spam to one or two mails per week (or you could just get a gmail account--I only get a few spam messages per week over there). Here's how it works...
Go out to every free email service you can get your hands on that supports POP3 download. Hand those addresses out to every spam list you can get your hands on. Periodically (every hour or so) download those messages into your Bayesian spam filter, marking them as spam (salearn that comes with spam assassin, for instance). I know of no better way to train your filter system and keep your spam stats up-to-date.
Of course, this isn't totally free of manual intervention. There's the initial setup of all this, which is more or less a one-time thing, but for it to truly work well, you have to make sure you also pipe all your regular mail (ham, as spam assassin calls it) into your Bayesian filter as non-spam mail, and if any spam does show up at your regular address, make sure you sort it into a separate folder and deal with it as spam. The spammers are getting more and more clever every day, and the line between spam and ham gets ever fainter, requiring that much more learning by the filtering system to keep straight what's what. But it's really not more work than you go through anyway, and you'll collect far more stats to use against the spammers than you otherwise would.
And let's not forget the best part, either. Signing up for and collecting all that spam costs spammers a little change (though, you could argue it also costs the hosts of your spam accounts, though you can delete the downloaded messages off the server every hour as part of the d/l to try and minimize impact on them).
but have you considered the following argument: shut up.
That would work if the spam correctly reported its origin.
But that's not in the spammer's best interest. It's better for them to use zombies and open relays.
You'll bounce their message to a server that didn't send it and they'll bounce a message to you saying that such-and-such person isn't there...
It's better to just delete them (after sending the headers to spamcop).
The trust of an unsubscribe feature is directly related to the legality of the method that was used to obtain the email address. I don't trust unsubscribe for addresses which I know were scraped off a web page. I have, however, had luck getting unsubscribed from the entire list peel.com "affiliates" after signing up for spam in a vain attempt to "win an xbox".
Dear Mr. Convicted Felon,
My name is Joe Blow living at 1234 Any Street, Any Town USA. I am writing you to opt-out of your crime spree target list. Please do not rob me or bugularize my home, even though I regularly carry a large sum of cash on my person and keep most of my valuable assets in my home...
ELOI, ELOI, LAMA SABACHTHANI!?
instead of having the list have email addresses stored, why not just long hashes of those email addresses. then, the spammers just hash the email address, submit to the list to see if its there, and do whatever based on if it is or not. anyway, not perfect, because people still wont follow the rules, but it provides at least a little wall of protection because SOME people would use it.
One thing really missing is a national or perhaps even a global unique "company ID". Law makers are so eager to tag and trace individuals, but ignore company tracking. It is time for a national company-ID number. Every company that pays US taxes is assigned a Tax ID. Been around forever. I used to be able to rattle off Tax IDs for about half of the Fortune 500 due to my job. What possible good would it do to identify companies by a number rather than a name? The problem is fraudulent companies, not an inability to identify them by number.
How much extra time do you have? Opening every single spam and trying to 'unsubscribe' is a VERY tedious task.
The only way to really get rid of spammers, and this includes "legitimate" spammers like our friend Scotty, is for the feds to get serious about prosecuting them. And I don't mean filing charges based on some kooky new anti-spam law that is full of loopholes. Take them down like they did Al Capone. Start investigating known spammers for all different kinds of law violations, like tax law, interstate commerce law, licensing regulations (do those online pharmacies that have operations in the US have proper licenses?) and other general business regulations. I'll be willing to bet that almost all spammers are breaking a law in some way. Find that, shut them down, and others will get the hint. Sure, some people will continue to do it, but the volume of spam will decrease as the overall cost of sending spam increases.
I'm sorry to hear you had this experience. It may be that the former AT&T wireless used some third party e-marketing companies to send those emails and frequently these types of companies, although they claim legitimacy through selling their services to bigger "name" companies also use the same "modus aparendi" of spammers i.e. not honoring removal requests. Often the larger company doesn't closely monitor the "service" they've purchased and the e-mailer operates with impunity. Also make sure when you sign up for any service you buy to carefully read the "terms and conditions" that are part of your agreement. Most big cellular and ISP type services include a caveat that says in effect "if you establish a business relationship with us you agree to our right to send you messages about further offers etc". This is essentially their license to send you this email i.e. "you agreed to it"...lol They often will still have a way to request out of these emails but honoring those requests is a different matter as you are well aware by now. :)
This has happened to me as well so I feel your pain, hopefully you won't have this problem with your new provider
We are what we repeatedly do. Excellence then, is not an act, but a habit.