Slashdot Mirror
Opting Out Increases Spam?
J. L. Tympanum writes "I used to ignore spam but recently I have been using the opt-out feature. Now I get more spam than ever, especially of the Nigerian scam (and related) types. The latter has gone from almost none to several a day. Was I a fool for opting out? Is my email address being harvested when I opt out? Has anybody had similar experience?"
It *does* show the spammers that the account is active and you're looking at the email...
Is my email address being harvested when I opt out?
Yes.
You've validated to the spammers that your email address is being actively read, and that you actually READ spam. You have confirmed to them that you are an excellent use of their resources.
1984 was not supposed to be an instruction manual.
It has always been my understanding that hitting those opting out links only verifies that your email address is valid.
Thus increasing the amount of spam because a valid email address is worth so much more...
I used to avoid water but recently I have been using the shower. Now I get more wet than ever, especially of the makes-my-skin-pruny (and related) types. The latter has gone from almost none to one or more a week. Was I a fool for taking a shower? Is my skin being harvested when I shower? Has anybody had a similar experience?
If spammers will not honour our private property rights by stealing our bandwidth and mail server ressources, what makes you think that they will honour requests not to be spammed again?
Worse, "opting" out confirms that the e-mail address the spam has be sent to is valid!!!
You never opt-out of spams, you LART their upstreams until they have no more connectivity.
People still fall for this "opt-out" scam? Really?
I thought this was pretty well known and understood by now, especially by Slashdot types.
There's no -1 for "I don't get it."
Is this guy serious?
I would give him the benefit of the doubt if this was circa 1997. But it's 2009, and even the birds on the trees are singing the tune "who tries to opt-out on spam is a fucking fool and deserves to have his e-mail harvested to hell and back". Or some such tune.
"The agriculture ministry is not in charge of Gundam" - Japanese ministry official.
I have had the exact same experience with my hotmail account a few years ago. I would get almost no spam. This was great for years with that account. Then one day I got a few spam. I tried the "opt out" option and almost moments later I saw multiple spams coming in. I have not tried it with my gmail or any other account for fear that my spam will double.
As everyone says, opting out of spam mails just shows the spammer that your email is still active, and that you bother to look at the spam beyond deleting it.
The only opt out links worth following are ones you know the source of; i.e. something you once opted in to, or did not opt out of when you bought something.
e.g. Bought something at newegg and did not uncheck the box about mailing you about specials and deals.
Essentially, opting out only works for non-spam mailing lists. Spammers don't care and just use it to acknowledge a good target.
Are the editors in some kind of contest to put up the lamest "Ask Slashdot" story? If so, they can end it right now — Timothy has definitely won.
Or maybe not. Somebody might ask "why doesn't my computer work when it's not plugged in?"
Or are you trying to make one of your friends/enemies look dumb?
Do you have ESP?
A better Ask Slashdot question would have been: "how can I forge bounce messages so that they think my email address is invalid?"
Arguing about vi versus Emacs is like arguing whether it's better to make fire by rubbing sticks or banging rocks.
Has anyone explained why opting out is a bad idea yet?
AT&ROFLMAO
How on earth did this make any part of slashdot at all?
I actually did this on my mothers computer.
I looked at each spam message and made a call if I could trust the opt out, and I I went through her whole inbox. Result? Smap mail dropped from 100ish/day to less than 10 on average. And it stayed that way for near a year with a small trickle increase.
Not just that, but you confirmed to the spammers that you were stupid enough to believe something they said. Consider the advice of the great philosophers Mr. T and Nelson.
I'm an American. I love this country and the freedoms that we used to have.
It works even better if you include your SSN, DOB, and banking info too.
But if you really want to improve your fortunes, I know this Nigerian Prince that I can put you in contact with.
As someone who does responsible e-mail marketing, please let me make a distinction between that and spamming.
If you are getting notices to enhance your johnson or "Che@p drug$" or whatever, DO NOT use the "opt out" link. It confirms your e-mail address is functional. In fact don't open them at all. Report them as spam and help your ISP improve their filters.
HOWEVER, if you are receiving e-mail marketing you just don't want anymore--like say the daily deal e-mail from Expedia*--please use the opt-out link to cancel your subscription. Deleting them won't stop the flow, and marking them as spam hurts deliverability reputation, making it harder to get them to people who actually want them.
Perhaps I'll get modded down for saying this, but e-mail marketing can be done responsibly and is a big part of many legitimate businesses. I think this sometimes gets lost in the War On Spam.
* I don't work for them, this is just an example of an e-mail marketing that I know I get.
Build a man a fire, he's warm for one night. Set him on fire, and he's warm for the rest of his life.
> Was I a fool for opting out?
Yes.
> Is my email address being harvested when I opt out?
Yes. That's what it's for.
> Has anybody had similar experience?
I'm certain of it. I suggest you drop that address, create another one somewhere else, and then don't do that again.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
marketing from an otherwise legitimate company, opting out will work, but for spammers it just makes things worse. Spammers count on two things, that they just need a tiny percentage to respond to their solicitations, and that the rest of us will ignore it. Once a year I make a point of researching the complete header of spam and reporting them to their ISP and any law enforcement agency that has jurisdiction. They are engaged in fraud in the traditional sense of the term, so are violating existing laws. They are counting on the rest of us to just delete them and not lodge a complaint.
The Opt Out "feature" is simply a way spammers can discover if the addresses on their list are active. The spamed can then be moved to a premium "active" list so the email harvester can make more money selling the address again.
It's been years since they were relevant, and they last updated in January 2008. However, they've been featured on Slashdot before and that January 2008 update his close to the mark on this one.
Clueless Mailers is the group that mapped the flow of spam, tracking email addresses as they were sold from one company to another to another until they mapped who fed what.
That "recent" article covers the current problem of (supposedly) reputable companies buying mailing lists from clueless clowns, and the troubles that ensued.
If it's a company you've heard before, and you can verify that the "opt out" will actually go to them, then opt out that way. If you don't see why you got on their list, tell them so, and they may twig onto the fact that their list wasn't all that hot.
If it's a company you've never heard of or there's something in it that smells hinky, just delete it, let it slide, and let them think that the message sailed off into the æther, never to be heard from again.
That third case? If it looks like a reputable company but the opt-out goes someplace apparently unrelated, do not simply opt out. Send a copy of the message to the people at the real company complaining of the deception. And that one's the one to hope for. Because if you can point out to the home office either (a) that someone is using their name poorly or (b) if they are authorized agents, they're getting bogus email addresses from somewhere, then they'll stop buying those discount lists of bulk email addresses and start doing their own damn work.
You cannot truly appreciate Dilbert until you read it in the original Klingon.
Does anybody read any other responses before posting??
How many times has the same answer been given ?!?!
The people that profit from spam, credit card companies, also are a powerful lobby group.
In short, spam isn't going away.
Your contribution eating congress critters will make sure of that.
I ignore spam, but unsubscribe from any other advertisement sent my way. I have also embarked on a campaign to reduce my internet footprint by axing nearly everything I can. (It's impossible, but I still try.) I've gone from a hundred spams a day to less than 10--usually two or three.
How about a moderation of -1 pedantic.
To do it mostly properly you need to "bounce" at SMTP time. (Actually, you are refusing to accept the spam.)
So, in simple terms: set up your own email server, install an SMTP spam filter and give that delete button a rest.
In Debian, for example, apt-get install exim4 sa-exim spamassassin.
It was Seth Godin who pointed out that anyone seriously involved in marketing (as opposed to someone bulk-emailing thousands of people trying to sucker a precious two or three) would absolutely hate hate hate to alienate individuals by annoying them with unwanted messages
And yet almost universally doing business with a web-based company will get you signed up for their spam list under the guise of a "prior business relationship." They don't ask you if you want their crapmail, they just sign you up automatically. Maybe, if you are lucky, somewhere in their account settings (if they have 'accounts') is a place you can uncheck to turn off the crapmail. Until they reset their database and start sending it again.
The "prior business relationship" justification is just bullshit. If I want their crapmail I will explicitly request it. Otherwise they can fuck off.
Its gotten so bad now that I almost always use mailinator type addresses for online purchases. All I need is the usually instantaneous receipt via email and then I don't want to hear from them again unless there is a fuck-up with order fulfilment or delivery, which I can usually check on myself using the info on the receipt.
Only old people and spammers use email.
When information is power, privacy is freedom.
They want your innocence back.
But really, I've been using the same main email address for 12+ years now and in the first couple of years I did sometimes send the opt-out replies but mostly gave up because I just couldn't be bothered as the SPAM levels were so low, I do recall one time being Joe-jobbed and that was a bitch as I got more bounce messages in a day than SPAMs in a month and some of the emails were from real people simply emailing "opt out".
Nowadays my ISP uses Brightmail for spam filtering so I don't see most of it and the ones that get through are 'Mailwashed' before they have a chance of getting to my email app.
This topic does take me back though, anyone remember the early days of email and the myth of getting a computer virus simply by opening an email? Never happened on my Amiga, but Microsoft turned that myth into reality with Outlook and everyone has been plaged with virus in emails ever since...
To do something right, you often have to roll up your sleeves and get busy.
It's worse when you have a catch-all domain, especially if that domain shares a name with a blockbuster movie about to come out, or is in theaters, or was successful in theaters. It doesn't matter if it's .com, .org, .net, or whatever: spammers will forge under your domain and you'll get the bounce-back, and some of the addresses they spam to will also be spammers. Those spammers will then harvest those addresses and spam them directly, creating a feedback loop that grows so massive that your ISP will disable your server-side filters because they're too busy filtering the incoming spam, forcing you to close your catch-all domain to only those usernames for which you want to receive mail.
And then it will take hours for your ISP to open a new username at that domain instead of the mere seconds to whitelist it yourself, so you might as well register some obscure domain no one would ever want to trademark.
Though you may want to choose a domain that doesn't contain any HTML tag names like "script" or "table" in it. Some sites will strip anything that looks like an HTML tag from your registered e-mail address, leaving you unable to receive your password verification link.
Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
"I used to ignore spam but recently I have been using the opt-out feature. Now I get more spam than ever, especially of the Nigerian scam (and related) types."
Yeah, those come and go. But I get a lot of them.
"The latter has gone from almost none to several a day. Was I a fool for opting out?"
Well, I'm too polite to tell someone they were a fool, but yeah basically. A few spammers follow the law, they're allowed to take 10 days though.. some some are classy about it and shut it off right away, the others turn it off on like day 9. But for anyone that's not, that opt out means you have a *verified* E-Mail address and the spammers sell it for more than an unverified E-Mail list. Oh yeah, some used claim they aren't selling the addresses, they are "renting" them for some reason.
" Is my email address being harvested when I opt out?"
Yeah see the above.
" Has anybody had similar experience?"
I have an E-Mail address going back to like 1994. My original ISP contract included a NSF Network contract that we wouldn't send commercial traffic over the network (UUNet, MCI, etc. had not built backones yet so almost all traffic hit the National Science Foundation's mighty 45mbps T3 backbone. It was T1s (1.5mbits/sec) up to about 1992.
OK back on topic.. my spam on there steadily increased, I started using my own spam filter in like late 1990s. My ISP got one, then much more recently made the spam filtering like a $3 a month extra (after they replaced their custom-massaged in-house spam filter with some commercial setup). I get 200-400 a day typically. spamprobe traps them pretty well after about a week of training, only like 4 or 5 a day get through, some days it's actually 0!
Before I set up my spam filter, I used to file a report with the upstream ISP's abuse contact, sometimes I'd get an automated reply and occasionally a "thanks" or "yes we're shutting down their account now". One the ISP sent me back a note saying the spammer claimed I'd signed up for it. (The spams *did* have a note saying "you signed up from this IP at this date".) I pointed out the whois info showed the IP was bogus, and never heard back. I started getting like 20x more spam right after that though and have ever since. Ubuntu makes this look very different, I use alpine.. on my ubuntu box all the russian, japanese, korean, umm, I Thai?, etc. spam subject lines actually look "right" in alpine (a reimplementation of Pine.) In alpine on my gentoo boxes those spams are all "?? ????? ??"...
With something like alpine, to filter spam, set up spamprobe, you have your inbox, "spam", "nonspam", "remove" and "spamprobe". Your spam goes into spamprobe, other stuff in inbox. If you have spam in your inbox, you move it to "spam". If you find a message in "spamprobe" that *wasn't* spam put it in "nonspam" (The only false positive I had, my sister wrote me an e-mail about how funny some spam she got was and forwarded it.. so I can see it marking that spam. The spam was in fact funny.) I guess remove removes the mail's words from the spamprobe database entirely.
I guess modern graphical E-Mail clients have spam filters integrated that can be set up, as does GMail.
The opt-out links I've used actually did seem to work - both for legit companies I had prior business with and typical spam. But I haven't dealt with spam in ages. Hotmail filters it out well and gets far less than my Gmail account. I have no need to deal with spam anymore, other than baiting Nigerians.
I get tons of spam at work (and don't filter anything, so I see it all) and I have yet to a "modern" (within the last few years) spam that contains a valid method of contacting people in order to opt out. The majority of crap I see is from bogus addresses with no way to reply back.
Here's one that just came in, from Bakhshian - resonant@drtinker.com :
Sentimental songs which were composed entirely her how i ne
Sex & Ayyurveda (link to some yahoo groups page I dunno)
I told you so, exclaimed jose triumphantly, there by the power of his art,
to restore us to our he rapidly turned over the leaves of this volume few
things about which i want to ask his advice. The liberty to draw the bolt
against chance visitors, and wherever else a place could be found stood
have already explained to our young friend here,.
This message is to inform you that your credit card can be protected for FREE by simply responding with your full name, social security number, credit card number, and the security code.
I mean really, this is obviously a submission that was meant for April 1, but got delayed for some reason (or maybe it's just the obligatory dupe of it, and I missed the original). If not, hand in your computer operator's license immediately (this goes way beyond just handing in your geek card).
Outlook has a cute little bug associated with IMAP folders and using more than one mail client..... Outlook will send a "The email was not read" read receipt if the email is deleted from the imap folder before you've read it in Outlook... even if you tell Outlook not to send read receipts. This is rather annoying if you routinely use an alternative email to delete your spam. The next time you load Outlook it sends out a load of read receipts to the spam merchants, therefore confirming you (my!) email address.
P.S. Check out:
here,
here,
and
here. It's not just me!
return 0; }
... now you can take up scambaiting as a sport.
If libertarians are so opposed to effective government, why don't they all move to Somalia?
I hope you've learned from your mistake clicking on that opt-out link. There might be other reasons for the increase in spam, but opting out is likely a major one.
That said I often do opt-out of e-mail newsletters of websites that I've had prior business with. But not with every website *cough*classmates.com*cough*
Free Manning, jail Obama.
The opt out option is a trap, plain and simple. What you are doing is essensially saying "here is my email address" and they have an active account to share with their spammer friends.
Most spammers are doing so outside the law anyways, why would the stop just because you asked them? Unless its a legit newsletter, I say avoid the "opt out" thing.
Make SELinux enforcing again!
How could you possibly be so stupid as to trust a spammer?
By the way, I think the only way spam could be addressed is by changing the economic game. Right now the spammers think they are dividing by zero. They think the marginal cost of sending another million spams is zero, so if they find one more sucker who sends them some money, the RoI looks infinite.
We need to change the odds so that sending spam has a much higher probability of negative consequences. The so-called zero must be eliminated. Okay, so we can't send the spammers to Guantanamo, but at least we can nuke their spamvertised websites, cancel their domain registrations, and cut their ISP accounts. If a webhost, registrar, or ISP doesn't want to cooperate, we should put them out of business, too.
I really think Google could do this by implementing a powerful "Good Samaritan" anti-spam system in Gmail. Combine human intelligence to help make sure the correct people get notified quickly--and much quicker than the spammer can find the sucker.
Like the sucker who started this discussion by nicely asking the spammers to cease and desist.
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
... if you opted in, it's safe to opt out. If you didn't opt in, opting out just tells the spammer that they have a live person at that address.
I did spam admin for many years back in the 90s, that was even the standard advice then.
If you want to end the spam for a bit, delete the account for a month or two or fake reject messages convincingly.
Shadus
successful troll is successful.
Copyright infringement is "piracy" in the same way DRM is "consumer rape"
If you ever wonder why so many spammers couldn't possibly care less about CAN-SPAM, just consider this:
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
would absolutely hate hate hate to alienate individuals by annoying them with unwanted messages.
Nice fiction. Pity it has nothing to do with the reality.
I have a prominent "No Junk Mail" sign on my mailbox. I get junk mail several times a week. I deal with many businesses where I told them I want legitimate correspondence and no advertising. They say it's "impossible".
Marketers are lying scum. When push comes to shove they do whatever they think they can get away with. The only thing that stops them is the law. A pity truth-in-advertising isn't actually enforced - if it was the majority of "legitimate" marketers would be in jail for fraud.
---
Marketing in a saturated market is a zero-sum game. When one player wins another must lose. In a saturated market; marketing = un-marketing = arms race = parasites.
Unless it's something you care about, opt out by blacklisting the sender. You won't get more spam from them then.
...the correct answer is no answer at all.
Opting out or responding to spammers in any way other than silence or bouncing is asking for trouble.
I have a 10+ year old email account that was used all over the place, and now has the dubious honor of getting well over 100 spams per day (unfiltered). I've recently applied the zen.spamhaus.org RBL and a short list of blacklisted domains and keywords (sorry, Mr. Hoodia, I won't be getting your emails). Applying a proper SPF record to the domain has drastically cut down on the non-deliverable backscatter. A couple of times a year, my email address was used as the reply-to address for an entire block of spam and in those cases I'd get hundreds of bounce messages in the course of a few hours. Now it's down to a few now and then, usually from hotmail.
As for opt-out, the remaining spam comes from what look like legit marketers. I definitely did NOT opt in to their list, but once one crooked spammer sells his "double opt-in email list", you're on it for good. The legit marketers send their mail from different domains, but if the spam has a good SPF record, and the opt-out notice goes to the marketing company and not the domain of the sender, I click on the opt-out link. Incoming mail that fails SPF is rejected. No SPF record and I don't opt out. And after a few weeks, I see a negligible amount of repeat email from these marketers, and overall the incoming spam has been reduced over 90%.
Yeah, and you can find out all about spammers, their tacts, and what they do with opt-out and other ways they confirm active addresses. I know this is big and scary for all of you, but you can even find that out all on your own, yes, just by your little lonesome! How, you ask? With Google! It's not even slightly difficult. If you can read Slashdot you can handle a Google search too.
Yay, look everybody, it's YET ANOTHER Ask Slashdot that should have been an Ask Google. Reminds me of the web site justfuckinggoogleit.com. Yes that's a real site, no it's not a trick. I like how it says on there "the popularity of this site just blows my mind" in their information page. Seriously guys, why does almost every Ask Slashdot have to be something obvious? Trying to "pick everyone's brain" makes sense when there can be multiple creative solutions, not when it's a yes/no question that five seconds with Google would answer definitively.
You can mod me flamebait or troll or whatever because you're a pantywaist and can't handle the sarcastic tone I used. But just try to actually disagree with me, I dare you. I'd like to see you try.
No, they don't. They haven't. This is a spammer lie.
Do I have to name names?
Try Sears. Guns and Ammo Magazine(more likely Petersen Publishing). The Libertarian Party.
Two of these spammers sent opt-out demands before spamming full tilt. The other simply e-pended me without notice. What part of "permission" do you see there?
Yes, it is useless. No, it's not safe. That's what this discussion has turned to.
CAN-SPAM (it's an acronym) has been totally ineffective, and was misguided in concept. The amount of spam in all my inboxes has increased since its enactment.
They DO NOT. I'm simply disputing what you state as a fact. I have proof.
I fail to see the distinction. If you resort to sneaky means to obtain my "permission", you're no better than the guy who makes a dictionary attack against my provider's server(s).
To say that Expedia is a "bad" spammer is to imply that there is such a thing as a "good" spammer. There is not.
If you think there's some sort of game on to "obtain permission", you're missing the point, which is that we don't _want_ you to spam us. Period. Yes, the 85% market is stupid enough to leave the "Sure, I want spam!" box checked if you hide it at all cleverly, but that's different from anybody actually _wanting_ advertising.
If you're an "honest businessman, just trying to make a buck", I suggest you GET THE HELL OUT OF "DIRECT E-MAIL MARKETING"!!! It now belongs to the hawkers of penis enlargement and erectile dysfunction medications (or, more likely, fake medications). Legitimate business needs to avoid it like leprosey. Advertise elsewhere because spam is such a cesspool that you DO NOT want to be associated with it.
I mean it. All you PR guys are _so_sensitive_ to the the public's moods and fads and attitudes and feelings that surely the thermometer has _got_ to be telling you that SPAM IS BAD PR. Spam is _universally_hated_. It's the _worst_possible_PR_ that you can engage in. I will _never_ patronize anyone who advertises to me in email. Just go away.
Well, the law isn't necessarily the end of the argument. Many, many email recipients feel that it's not legitimate unless it's confirmed opt-in, but the "direct e-mail marketing" industry refuses to meet this standard because they know damn well that only the terminally bored, mentally retarded, and criminally insane would ever actually opt in.
Yet they continue to assert that "people want this shite!!!". I'm not believing it.
Exceeding the recommended torque is not recommended.
you're just letting them know you're a live account.
i've been very happy with using sneakemail.com, an email anonymizer which makes it very convenient to create a new email address every time you register with any given site.
if it's from a company you originally did business with, and now they're sending you spammy e-mails, opt-out will probably work. If you've ever done business with them, they probably already assume your address is legitimate, so the "opt-out" ("unsubscribe", "email settings", etc) button's only purpose would be to stop the e-mails.
And for the love of fuck, don't be automatically afraid of opt-out buttons. Many people, having heard "opt-out is always a scam to verify your address", automatically click "this is spam" instead of "opt-out" whenever they want to ensure that they're not on a mailing list. Having recently implemented Feed Back Loops on our mailing list at work, the very first "this is spam" report we received was from a booking confirmation. People see an option to unsubscribe from a mailing list (which they five seconds ago had clicked a check box to subscribe to), but are trained "opt out is a scam!", and so click "this is spam" instead.
Of course, if it's a company you've done business with before, and now they're spamming you, a two-hit combo of "opt-out" and "this is spam" is an even better solution. Companies really do pay attention to who unsubscribes after a mailing, and "oh shit, 20% of our list just unsubscribed!" can very easily wake them up and get them to reconsider what they send.
-- 'The' Lord and Master Bitman On High, Master Of All
I opt out of spam regularly, in order to punish just the behaviour that this article talks about. I run my own mail server for myself and friends, and any spam I get is fed into the spam-filters (SpamAssassin and Bogofilter) that feed the entire server. The filters are ham-friendly enough that I can feed most of it straight through without even checking it.
What I could really do with, in fact, is a method for following all the links and loading the images in emails sent to my honeypot account, which gets fed directly into the spamfilters without me needing to look at it.