When Does Signing Up Become 'Opting In?'

AmyVernon writes "This piece from RWW got me thinking about whether, when you sign up for access to a site, you're actually signing up to get a slew of email spam from them. The single opt-in is still really popular, which I've noticed because I often check the box indicating I don't want further emails from a company or publisher. I always assume that giving my actual email address means I'm going to get spam-type emails from whomever. It still surprises me that most people don't. But it does raise a good question: Shouldn't you be able to sign up for something without automatically being signed up for a never-ending stream of 'updates?'"

They now have a vested intrest in not spamming

[giorgist]

Simply put, if they spam you and you click them as so, then even their legitimate emails will end up in other peoples spam folder.
If they are a little agresive in sending you emails without a easy way to opt out ... SPAM

Re:They now have a vested intrest in not spamming

It quite clearly states "Check this box to add yourself to our Opt-In Exclusion Removal Preference list".

Re:They now have a vested intrest in not spamming

[Opportunist]

This is very, very slowly getting through to the managers, though.

I had a boss not too long ago who simply assumed that everyone who ever bought a product wants to get our newsletter. I warned him that we might end up on blacklists, he chose to belittle my being a scaredy-cat and ignore me.

Last I heard is that he's fighting a losing uphill battle to get off the various spam blacklists because NONE of his emails get to their recipients anymore, and he noticed that it's not building trust in a company when you have to phone a possible business partner who has a commercial spam filter to tell him that he has to dig through his spam for your mail.

Re:They now have a vested intrest in not spamming

[FireFury03]

This is very, very slowly getting through to the managers, though.

I had a boss not too long ago who simply assumed that everyone who ever bought a product wants to get our newsletter. I warned him that we might end up on blacklists, he chose to belittle my being a scaredy-cat and ignore me.

Last I heard is that he's fighting a losing uphill battle to get off the various spam blacklists because NONE of his emails get to their recipients anymore, and he noticed that it's not building trust in a company when you have to phone a possible business partner who has a commercial spam filter to tell him that he has to dig through his spam for your mail.

Unfortunately most businesses seem to realise this is going to be a problem, and rather than not sending spam in the first place, they just ensure it comes from different mail servers and a different domain to their normal operations.

Re:They now have a vested intrest in not spamming

[CodeBuster]

rather than not sending spam in the first place, they just ensure it comes from different mail servers and a different domain to their normal operations.

Even this has long since ceased being effective. Most legitimate hosting companies will cut off violators of their "terms of service" which generally include rules to the effect that sending out unsolicited emails (i.e. spam) from their address ranges is grounds for termination of contract. Look at it from their prospective, if even a few of their clients did this SpamHaus and others would very quickly black ball their entire address range so that all of their customers would see their outbound emails black-holed. The so-called "bullet proof" hosts are generally located overseas and have poor connections and worse reputations; they are also black balled regularly. In fact, many smaller businesses still blacklist all email coming from Asian countries and especially from China and Russia. The only way to reliably send mass email anymore is via botnet and even that is becoming more difficult due to effective counter-attacks on command and control servers and better client side Bayesian filtering. Spam is a losing game these days and only stupid managers send spam or hire spammers to do it for them.

Re:They now have a vested intrest in not spamming

[mrfaithful]

This is very, very slowly getting through to the managers, though.

I had a boss not too long ago who simply assumed that everyone who ever bought a product wants to get our newsletter. I warned him that we might end up on blacklists, he chose to belittle my being a scaredy-cat and ignore me.

Last I heard is that he's fighting a losing uphill battle to get off the various spam blacklists because NONE of his emails get to their recipients anymore, and he noticed that it's not building trust in a company when you have to phone a possible business partner who has a commercial spam filter to tell him that he has to dig through his spam for your mail.

Unfortunately most businesses seem to realise this is going to be a problem, and rather than not sending spam in the first place, they just ensure it comes from different mail servers and a different domain to their normal operations.

If you are a business you HAVE to. From the start I made my mailing list completely opt-in. That doesn't stop AOL users from using the spam button instead of the prominent link at the top that gracefully removes them from the list. You can't have customers not receiving order confirmations or order updates or have business email blackholed because some webmail users decide they don't want your mail anymore.

Re:They now have a vested intrest in not spamming

[Kjella]

If you are a business you HAVE to. From the start I made my mailing list completely opt-in. That doesn't stop AOL users from using the spam button instead of the prominent link at the top that gracefully removes them from the list. You can't have customers not receiving order confirmations or order updates or have business email blackholed because some webmail users decide they don't want your mail anymore.

Blame that on all the asshats sending spam who take a link to opt out as a confirmation that your email address is live and proceed to sell it to ten more spam lists. Simple people need simple rules so the rule became to always click the spam button and never any opt out link. To fix this you'd have to fix the email system so we can tell the real opt-ins from the linkbait.

Re:They now have a vested intrest in not spamming

[FireFury03]

Spam is a losing game these days

My inbox will contest that. I get spam from some pretty reputable UK companies, despite the fact that it is illegal.

These days whenever I hand out an email address I suffix the user-part with the domain name I'm signing up to so I at least know who's responsible for the spamming. I *never* tick the "please send me emails" boxes (and similarly I always tick the "please don't send me emails) boxes. Despite this, I do get a lot of spam from companies I've legitimately handed my address too - my response it always to set up procmail rules to forward the spams directly to the contacts listed in that domain's whois. I have no idea if this ever helps to educate people.. I do know that it resulted Devere adjusting their mail servers to completely block my server rather than removing me from their spam lists (a company I have never had any dealings with, and due to their apparent propensity to buying email lists from other companies and spamming them, they will remain a company I have no dealings with).

Additionally, when complaints are filed with the information commissioner, the result tends to simply be a sternly worded letter. It does seem to me that there is no point in having these laws (and no point in anyone respecting them) when the result of breaking them is nothing more than a slight telling off.

For example, Asda signed me up to their email lists after I bought something on their website, despite me unticking all the boxes saying they could do so. To make matters worse, their unsubscribe system was broken (I had signed up with an email address that had a "+asda" suffix. Their signup system accepted it as a valid email address, but unfortunately their unsubscribe system rejected it as invalid because it had a + in it). I contacted Asda and they ignored my emails, so I made a complaint to the information commissioner. This resulted in them getting a sternly worded letter and they removed me from their lists... but they weren't punished for any of these abuses.

Similarly, a more serious incident (not involving email this time) showed that the information commissioner's office is basically worthless: When I had been shopping around for car insurance quotes, one of the companies I got a quote from illegally sold my details to an ambulance chaser. I got a call from the ambulance chaser who basically repeatedly lied about why they were phoning me up (stating that they were calling from my insurer because they just wanted to clear up some paperwork regarding an accident that happened 2 years ago). Eventually it transpired that they wanted me to make a fraudulent personal injury claim regarding this accident. They refused to tell me where they had acquired my details from. So I complained about them to the information commissioner, who told me they had sent the ambulance chaser a sternly worded letter... They didn't help in figuring out where the data had been acquired from - they told me that I should make a data protection request from the company in writing. I didn't bother because I knew that the chances are that the company wouldn't respond to the request, I would have to complain to the information commissioner again who would send them another "sternly worded letter" and it would basically end up going nowhere... Honestly, what is the point of having these laws if no one is ever punished for breaking them? I'm sure if I broke into someone's house and nicked their telly I wouldn't just get a "sternly worded letter"....

Re:They now have a vested intrest in not spamming

[dkf]

My inbox will contest that. I get spam from some pretty reputable UK companies, despite the fact that it is illegal.

There's two different types of spam. One is commercial email that is sent legitimately but which you don't want, and the other is the stuff that is being sent by the true mass spammers which uses false identities. The former, you can block with your email client just fine because it's not pretending to be anything or by anyone other than the truth. The latter, that merits the use of real anti-spam services (block lists, etc.) While yes, you don't really want either, it's the latter which is a deep problem (the former is just advertising, and has more in common with irritating ads on websites than criminality).

Re:They now have a vested intrest in not spamming

[FireFury03]

There's two different types of spam. One is commercial email that is sent legitimately but which you don't want

I would argue that if they autosubscribed me without asking, or actively ignored the preference I made when I signed up (both of which are illegal in this country) then it is not "sent legitimately". True, they tend not to fake the sender, but they are indistinguishable from spam sent from false identities (at least, not trivially distinguishable), and you therefore can't trust the "unsubscribe" link will actually unsubscribe you rather than harvesting your address (also, would you trust such a link if the sender had previously ignored your preferences anyway?).

In the other hand, in some cases there is a real problem with sending spam. I have in the past dealt with a bank (who I closed my accounts with then they started with this) who took to emailing me with marketing. The emails came from a domain that wasn't identical to their normal domain and instructed me to follow a link to a website which, again, wasn't their normal trading domain. The email told me that I could verify that it was legitimate because it contained some trivial PII (I think it was the first half of my postcode, or something similar... basically something that pretty much anyone could find out). So there are 2 problems here:
1. The bank is teaching people that they can authenticate an email based on some very spoofable details instead of securely signing it using a readily available, standard and widely supported technology such as S/MIME.
2. The bank is teaching their customers that it is ok to follow links in emails to random websites claiming to be their bank but being served from a domain that isn't recognisably the bank's own domain.
Whilst the website in question was purely marketing and didn't ask for any personal details, it strikes me that it was a little too close to what phishing looks like and that teaching the general public that they can expect their bank will communicate in this way is a Bad Thing... A good chunk of the public don't have a good enough grasp of security to consider the difference between this and a phishing mail.

Re:They now have a vested intrest in not spamming

[Attila+Dimedici]

Absolutely, if a site I want to visit requires me to give it my email address in order to look at its content and does not give me the option to choose not to recieve emails from them (and they are not a site I want to receive emails from), if I get emails from them, I click on the spam link. On the other hand, unlike many people I work very hard to remember that I intentionally asked a company, or organization, to send me email before I click spam. If I chose to receive email from a company and realize that they are sending me more email than I want to receive from them I will clik on the unsubscribe link in the email. The one exception to my rule about using the unsubscribe feature for emails I signed up for on purpose are emails from companies that offer a discount for giving them my email address.

Re:They now have a vested intrest in not spamming

[andymadigan]

I recently signed up for a trial of an app (YNAB - You Need a Budget). They asked for your e-mail address, I gave it to them. They say they need it to send you the trial key. There was also a checkbox labeled " Yes! Also send me occasional budgeting tips and best practices.". I unchecked it.

YNAB decided to send me messages (other than the trial key) anyway, I marked it as spam. I didn't agree to receive other messages, in fact I explicitly opted out.

For cases where there is no opt-out, fine. A regulation should be in place requiring them to state in readable text, near the e-mail box "we will send you updates at a frequency of our choosing, we may sell your e-mail address to spammers, etc.". Not in a privacy policy, in bold print on the sign-up form. If the company legitimately believes that people are willing to agree to the deal (my e-mail address for your product), then they should have no problem making it clear to the consumer what they are agreeing to.

I don't want to force a company to business with me, but I don't want a company to trick me into doing business with them so they can resell my information to the highest bidder.

Re:They now have a vested intrest in not spamming

[networkBoy]

It's sad, but since I run my own mailserver every login, every website, every promo, get their own e-mail address.
[website|promo|domain].[salt]@myhost.com
If I don't like their e-mail I blackhole their address. If I like (or need for a while) their e-mail I FWD that to my real e-mail address.
-nB

Re:They now have a vested intrest in not spamming

[Quirkz]

Yeah, I had something similar the other day. Wanted to try a piece of software, they insisted on taking my email address as part of the download/key process. It's a company we already do business with, just a different piece of software, so I considered them moderately reputable. They did NOT provide any opt-out checkbox, either.

Took me all of a couple minutes to test the software, realize it didn't do what I thought it did, and get rid of it. But by the time I'd deleted it I'd already gotten spam email telling me about other products from that company, and I had to follow links in those emails to go to their site and unsubscribe.

This is not a reasonable way to do business. They neither informed me I was being added to a mailing list (though requiring the email address makes it obvious enough -- I'm not dumb) nor gave me the chance to opt out until I'd received their first piece of spam.

Re:They now have a vested intrest in not spamming

[tlhIngan]

Spam is a losing game these days and only stupid managers send spam or hire spammers to do it for them.

Spamming is a losing game for the goods/service being spammed. But a great service for those doing the spamming. I think I got an email awhile back advertising such services, and 32,000,000 European inboxes were available for $200 or so. The spammer gets his $200, fires off 32M emails, and who cares if even 100% of it is blocked - he's been paid.

Also, most companies have a third party manage their mailing lists - remember that big one that got its email address database stolen earlier this year? These companies do have their due diligence and everything.

Finally, remember that filling out those forms usually counts as "prior business relationship" so yeah, technically it allows them to spam you. But if they use one of the legit third parties, it's trivial to black hole the from address.

Re:They now have a vested intrest in not spamming

[SomePgmr]

That's stupid of them, and it's to their own detriment.

I work for a small business and every day I make decisions like, "Would I be pissed about this?" and "Would this make me like this company less?" I regularly make statements on our various websites like, "This will only ever be used to activate your account.", and am prepared to back those statements up with my own job (not that my company would ask me to break a public promise anyway). I like to think that's served us well.

I think in a lot of cases, it's worth sending feedback to the business to tell them what you think. Ignorance not malice, and all that... you know? I've gotten feedback from customers and just realized I screwed something up. It happens, and I fix it as fast as I can.

And if they're a US company that doesn't provide the requisite information and a hassle-free unsubscribe from any list, complain. Put the pressure on. Nothing aggravates me more (in the world of junk email) like a seemingly legit commercial email that provides an unsubscribe link, but makes you jump through hoops to get off the list. I know I'd never do that to someone... and it bothers me that someone else thought it was ok.

Re:They now have a vested intrest in not spamming

[BillX]

I have to disrecommend Barracuda. Earlier this year I started getting emails from a never-heard-of "technology reselling company" that, when pressed, acknowledged they got my address from Barracuda Networks after we bought one of their spam firewall boxen.

Meh

[Mashiki]

In Canada unless it's clearly defined it's a privacy violation to do so. It's also a privacy violation in Germany, and I believe California. Signing up != A business relationship. So marketers take heed. Just because you can do something, and haven't been sued yet. Doesn't mean you won't. It just means that people can't afford to do so, or they don't care enough right now.

Re:Meh

[msobkow]

I've never had a problem with any websites spamming me if I remember to opt-out. It's annoying that they default to opt-in when you're entering your info, but even if you forget to opt-out they usually make it easy to correct the problem (though it may take a day or two for the server to catch up.)

I'm actually having the direct opposite problem right now -- I can't get the freeswitch.org list servers to accept my home account as well as my work account. I think the server is seeing the same name and skipping the second registration.

Re:Meh

[dwillden]

Which is the my current big complaint. You initially choose to get their email, or forget to opt-out, it only takes an instant at sign up to get the email rolling in, but choose to unsubscribe and you get taken to a page that says "Sure we'll unsubscribe you, no problem, it'll take three or four business days to do so." WHY?

Why when it only takes a single click to start the spam flowing does it take three days to get it to stop? Especially since we all know there is no human intervention needed to stop it. IT should be instantaneous. But no they somehow think if they keep sending it for a few more days you'll somehow change your mind about wanting their crap?

So now as soon as I've unsubscribed, any additional emails from that sender get sent to the spam filter.

Re:Meh

[bornie]

Three days? That is fast!
I once was told that it would take three weeks for me to be unsubscribed, with a few mails each week. If I had known that I would be spammed so much I would have shopped at another site.

And I hate being forced to log on to unsubscribe! It should be possible with only a link in the mail.

Re:Meh

[Quirkz]

I got on Stonewall Kitchen's mailing list once when I ordered a gift for my mom. They started sending me emails about every three days. I tried repeatedly to unsubscribe, and the page kept saying the unsubscribe was confirmed, but I kept getting email. After about two months (and three tries with their contact us form, the first two never got replied to) I got someone who said, "Oh, sorry, our unsubscribe page is broken. I've taken you off the list."

I can't really imagine a situation where they'd leave a broken page up for two months without a) fixing it, or b) changing the message to at least say "sorry, this doesn't work right now" unless it was intentional. It's a shame, too, because I like their stuff, but their combination of aggressive and sleazy marketing methods is not something I want to support.

Re:Meh

[WuphonsReach]

I can't really imagine a situation where they'd leave a broken page up for two months without a) fixing it, or b) changing the message to at least say "sorry, this doesn't work right now" unless it was intentional. It's a shame, too, because I like their stuff, but their combination of aggressive and sleazy marketing methods is not something I want to support.

Come work in the real world, where if it is not visibly broken and a manager doesn't make it a priority, it won't get fixed. And if you do put it on your list of "things to fix" it will be constantly pushed down to the bottom of the list by other fires.

So, it doesn't surprise me when opt-out / unsubscribe links don't work. Hell - even AOL's pages on support where you can sign up for their feedback loop are constantly broken.

Re:Meh

[JustSomeProgrammer]

As someone who was in charge of sending emails at a site that sent way too many emails. I can explain a little time lapse since often the lists for email send lists are generated up to a full day in advance here. Sometimes (rarely) longer than that. If we were working with a third party I could see them taking even longer as the lists are not generated for mass mailings in real time.

That email you get right away is either generated directly through the site or is a smaller email list that is able to be generated in real time.

Re:Meh

[Mashiki]

Yes because we all know that even if some lawyer whipping out his dick and hoping that if he pisses all over everything it automatically makes it "in the US" it applies everywhere. That the 'services and conditions' apply too. Sorry the real world doesn't work that way. ToS, one sided contracts, and 'fine print clauses' where the party does not have them clearly explained and defined or they are switched are illegal in Canada, and in Germany too, and in the EU. And in some parts of the US, they have "clear contract" laws.

Re:Meh

[Linuxmagic]

Have you read the new proposed 'anti-spam' legislation planned for Canada? Basically it opens a whole that a truck can drive through for email marketers, while making normal B2B emailings risky for the small independant business person.

Yes, you should.

[cmv1087]

But it won't happen, at least not anytime soon. They make too much money right now.

You really should also be able to explicitly tell them not to sell your personal information to other companies and have them actually follow through with not doing that, but it doesn't look like that will actually happen anytime soon either despite the victories won by privacy advocates. Too many people just don't care as long as they're not being physically inconvenienced.

Protip

Sign up using a throwaway account that is name-related to the site you are signing up to. That way you will always know who are the ones that send you spam, or sell your address to spammers.

Re:Protip

[lintux]

A special e-mail account for every account I create? So whenever I create an account, I create two? :-)

I'm using a catch-all domain for this. Works pretty well too.

Re:Protip

[nospam007]

Just use mailinator.com to sign up.

Just enter whateveryouwant@mailinator.com and go check the sign-in confirmation at mailinator.com and you're done.
No need to create a special mail address first or to use a spam-me address where you'll have to wade through hundreds of spam emails to find the right sign-in one.

Re:Protip

[wagnerrp]

I've started proactively blocking mailinator.com, and any other domain I find that forwards their MX to them, on a wiki I administer. For every one legitimate user signing up, I have fifty more who are just generating spam accounts. Considering one sixth of all users ever make a single edit, and one twentieth make five or more, anyone who's going to stick around and become a meaningful contributor is likely to be willing to give a real address.

Re:Protip

[rtfa-troll]

Try spamgourmet. It's really neat because the act of signing up can automatically create the email address for you. After that you get to know for sure exactly which services sell on your email address. I've been surprised (I only found two so far; they weren't ones I expected; it seemed to be due to a security problem).

The advantage over a catch-all domain is that it has all sorts of mail handling features like auto-expiring the address if they start to spam; re-instating the address if it turns out they are sending useful info; allowing email to an address only from an address etc. etc.

Re:Protip

[Demonoid-Penguin]

Sign up using a throwaway account that is name-related to the site you are signing up to. That way you will always know who are the ones that send you spam, or sell your address to spammers.

gmail accounts don't care about dots in your email user name - which makes it easy to tell who leaks your email address to spammers. Eg. sign up to gmail and dickhead@gmail.com - then sign up to slashdot as dick.head@gmail.com. All spam addressed to dick.head@gmail.com came via slashdot. NOTE: slashdot doesn't sell email addresses - but I certainly caught companies doing using this technique.

Re:Protip

[nospam007]

"anyone who's going to stick around and become a meaningful contributor is likely to be willing to give a real address."

A 'real' address? You mean they create an alias that they delete after having signed up?
That's what I do for the few sites who block mailinator com and their associates.

Re:Protip

[AliasMarlowe]

Eg. sign up to gmail and dickhead@gmail.com - then sign up to slashdot as dick.head@gmail.com. All spam addressed to dick.head@gmail.com came via slashdot.

Richard Head probably didn't want his gmail address spewed around, you inconsiderate clod!

Re:Protip

[HTH+NE1]

A catch-all is fine if your domain isn't attractive to spammers to use for their outgoing mail. I had to convert one of my two domains away from being a catch-all because of a certain movie being released with the same name became attractive to spammers. I don't even accept e-mail via a webmaster account for the site anymore. At peak volume, my ISP actually disabled my procmail spam filter because it was using too much CPU on their system, replacing my .procmailrc file with a copy with permissions against my editing or removing it.

I've found most businesses I deal with don't spam or distribute my e-mail address. The only exceptions so far has been one company who had their product cease-and-desisted (and apparently sold their e-mail list to recoup their legal costs, which led to spam for similar software, and eventually to multiple attempted botnet infections per day), a political e-mail list that not only did not honor unsubscribe requests but also data-mined a new address for me when I closed the original address I'd given them (at a caucus at which I barely participated), and a rebate fulfillment company that not only provided the alternate address to the political mailing list (directly or indirectly) but also never fulfilled my rebate. Those three usernames now come up as undeliverable.

So yeah: software with legal troubles, political groups, and rebate services are three things not to give your e-mail address.

Yet other, more reputable companies will also try to acquire e-mail addresses through recovery services if you opt out of giving them an address. I had unsolicited e-mails from two businesses I'd done business with previously arrive on the same day, both to addresses I had not given them. Neither one has continued, but only one apologized.

Re:Protip

[Kjella]

The problem with this approach is that once you get spammed you'll continue to get spammed (getting off spam lists is impossible once you're on one of the bottom feeding v!4gr4 lists), unless you set up special block rules. I like yahoo's throwaway addresses, you can have up to 500. If I get spammed, I chew out the ones who spread it then delete the address. It's a very simple and very final solution, only wish I'd used it earlier because my email already has a degree of spam from the "old days", plus various stupid people that cc 100 people at a time so it gets spread far and wide.

Re:Protip

[xelah]

A catch-all is fine if your domain isn't attractive to spammers to use for their outgoing mail.

I've found that once spammers start forging your domain and those forged e-mails start turning up in people's inboxes, other spammers then pick those sender addresses out of those inboxes and use them as targets for spam. Argh!

Re:Protip

[wagnerrp]

Yes, a real address through a real mail server, rather than one that just accepts anything and everything, even if it's just going to be immediately discarded after the authentication process. Users can manually do it. Bots can do it too, but blocking mailinator and their ilk means I block out a big chunk of the spam that is pointed at the wiki, and spend less time cleaning it out the accounts that still do end up getting made. There's never any perfect solution, but blocking them put an end to what was several new users every day generating spam.

Re:Protip

Gmail also gives you unlimited e-mail addresses. If you are bob@gmail.com and you sign up for "Site A", you can enter bob+sitea@gmail.com as your e-mail address. Still goes to the same inbox but easily filtered and you can trace who originally gave out your e-mail adress if you give a unique version to every site.

Re:Protip

[X0563511]

Yes, a real address through a real mail server, rather than one that just accepts anything and everything, even if it's just going to be immediately discarded after the authentication process.

And just how do you plan on differentiating that? Here's a hint: "one that just accepts anything and everything" is also a real address through a real mail server.

Re:Protip

[X0563511]

Confirmed... it works. That said the webmail frontend doesn't make it immediately apparent where it got sent to. You have to click "show details" on the header for every message you want to check.

Re:Protip

[Quirkz]

No kidding. I managed to use a catchall for a couple of years, but it eventually became unbearable. I had a couple of cases of spam being sent out that bounced back to me, but also many cases of systematic name-guessing at my domain. I'd get a series of messages for aaron@, adam@, bo@, bob@, carl@ .... and on down the list for hundreds of the same thing.

Re:Protip

[Demonoid-Penguin]

The problem with this approach is that once you get spammed you'll continue to get spammed (getting off spam lists is impossible once you're on one of the bottom feeding v!4gr4 lists), unless you set up special block rules. I like yahoo's throwaway addresses, you can have up to 500. If I get spammed, I chew out the ones who spread it then delete the address. It's a very simple and very final solution, only wish I'd used it earlier because my email already has a degree of spam from the "old days", plus various stupid people that cc 100 people at a time so it gets spread far and wide.

There are two compelling reasons to use that approach:-

1. You know who to smack upside the head with a teaching bat
2. You can filter all email with that dot arrangement

That's not to say you shouldn't run multiple email accounts.

Re:Protip

[Demonoid-Penguin]

Eg. sign up to gmail and dickhead@gmail.com - then sign up to slashdot as dick.head@gmail.com. All spam addressed to dick.head@gmail.com came via slashdot.

Richard Head probably didn't want his gmail address spewed around, you inconsiderate clod!

He's a prick - who cares. Hang on... my mother is a lump of dirt - find another insult.

Re:Protip

[Uzuri]

The smarter spammers are aware of this trick, though; they cut off anything after the +.

Disposable address

[Orgasmatron]

Assume that every email address you give out is going to get spam, so use different ones in different places.

When the inevitable spam starts, make the decision. Do you believe that this entity is likely to respect unsubscribe requests? If so, hit unsubscribe. If not, forward to /dev/null.

The practice is so damn common now, that no matter how much it pisses you off, you have to understand that the other guy has no idea that you think he is a worthless scumbag. You really can't buy from anyone online without them assuming that you want to hear about their specials every week until the end of time.

Oh, and an added bonus: if their customer database ever gets leaked, you only need to ditch the one throwaway address and update your info with just the one site.

There are other variations too, for example I have two main work email addresses. One is the one I use and give out, the other is on the website. As far as I can tell, the one on the website has never ever been legitimately used. 100% of email to that address is spam. Because of the nature of my job, I give people quite a bit of leeway when it comes to harvesting that address and adding it to their spam lists. But if I recognize the source, like if they send more than one email every few weeks, that entire domain/spam service goes in the permanent block list.

Re:Disposable address

[afidel]

I do this to some extent, I use the name+company@gmail.com trick to sign up when their form will allow it, otherwise I make a blanket assumption that they are going to spam me (since their developers can't read an RFC) and give them my spam catcher account which I only ever check when I'm expecting a response from a web form =)

Re:Disposable address

[mrclisdue]

+1 to this.

I tell everyone with a gmail to do this with every single account they create; this enables them to determine who's invading their email space....

cheers

Re:Disposable address

[Burdell]

It also allows you to see who sold your email and/or who has been compromised. I have a personal domain for email, and I use a different address for just about everything (and they're usually pretty unique, so not found by address harvesting). I am now getting a lot of spam at the address I gave to Linux Journal; since they went online-only and I cancelled my subscription, I killed that address.

I also had a year of free credit monitoring with one of the "big three" credit agencies (due to somebody else's database compromise), and now (shortly after the year passed and I didn't agree to pay for continuing monitoring) that address is getting spam. Either they sold it, or their database has been compromised. Either way, it gives me SUCH a good feeling about their reliability!

Re:Disposable address

[whoever57]

I use the name+company@gmail.com trick to sign up when their form will allow it,

I use this also, but far too many websites won't accept it. I run my own email domain, so if I want to sign up, I just create a <me>_<company>@<my domain> alias.

I even came across a website that would not accept a "." at the end of the domain part of an email address, which is surely valid.

Re:Disposable address

[shentino]

Sadly I've seen web forms get wise to this thing and reject that syntax.

Spammers are getting smarter.

Re:Disposable address

[geekboybt]

You know, I hear of this solution constantly. If I were a spammer (and I can assure you I am not) that's constantly tweaking my messages to go through Bayesian filters, why would I not run my address list through something that removed "+something" from the mailbox portion of the address? Seems like the easiest trick in the book, especially when you've lifted the addresses from a database without permission.

Re:Disposable address

[scsirob]

I have a domain that I use to receive email on. The main email box does not get used at all for incoming our outgoing mail, ever.
When I need to sign up to a website (eg www.somesite.com) then I create an alias somesite@mydomain.com and forward it to my regular inbox. I always opt out of newsletters and other stuff. If I ever get spam addressed to somesite@mydomain.com, I know that somesite does not respect my opt out, has been hacked, or their database has been abused. That's the last time I did business with somesite, and the alias disappears.

Re:Disposable address

[Barefoot+Monkey]

I do this to some extent, I use the name+company@gmail.com trick to sign up when their form will allow it, otherwise I make a blanket assumption that they are going to spam me (since their developers can't read an RFC) and give them my spam catcher account which I only ever check when I'm expecting a response from a web form =)

The problem with that trick is that your regular email address (name@gmail.com) is revealed. Spammers will just ignore everything after the +. You can make it more effective by taking into account the fact that gmail lets you put dots almost anywhere in your name. For example, register my.name@gmail.com and use it for communicating with your friends but never use it for signing up to websites - when you do that put the dot somewhere else (myn.ame@gmail.com, for example). Then create a filter that blocks everything except my.name@gmail.com and myn.ame@gmail.com to catch out sites that try to strip the dots. If you're willing to put in the effort you can use then more filters on myn.ame@gmail.com based on plus-addresses and senders.

Re:Disposable address

[godefroi]

Your strategy is easily dealt with:

find ([^\+]*)(\+\w+|)@(.*)
replace with $1@$3

If it ever became widespread, it'd be defeated VERY rapidly.

Re:Disposable address

[nitehawk214]

A lot of companies won't accept gmail? I find this very hard to believe, unless a company really doesn't want to stay in business. I remember back in the day when sites stopped accepting yahoo and hotmail addresses, but in today's web I am willing to bet more people have a webmail account than a isp-provided email. With as much as people jump services, or services get acquired and rebranded, most people cant afford to have their email address locked to their provider. And since google seems to be a fairly stable entity, I would expect most people to use it rather than a more transient service.

If you mean that companies will get wise to their own name showing up in someone's address. Simple. Just make it yourname-1234@gmail.com. Keep a lookup table of 1234=spammer company #1. Yeah its a bit of extra work, but presumably you would be auto-forwarding the email on to your proper account anyhow, so you only need to look when you get spammed from an unknown entity.

As far as companies not accepting valid email addresses. Well that is just a clbuttic example of a bad regular expression.

Spam is why they want your email address.

[Macdude]

They are only asking for your email address so that they can sell it to spammers and spam you themselves.

Use http://www.mailinator.com/ and thwart their evil plans...

Re:Spam is why they want your email address.

[Fnord666]

I use mailinator if I think I will need to contact a company down the road. If they want my address just so I can view a post in a forum or download a file, I use Ten Minute Mail. The email address lasts just long enough to receive a confirmation email and hit the confirmation link. After ten minutes it goes poof. Ten minute mail also rotates their domain regularly so they tend to stay in front of the sites that may block mailinator addresses.

Re:Spam is why they want your email address.

[Mr.+Underbridge]

Well, a number of reputable sites also use email to authenticate users, provide a means of recovering lost passwords, and to avoid the dance where users try to find a valid username.

And to spam.

never give them your main email

[Ralph+Spoilsport]

If it's so important that you want it, then it's good enough for your "spam email" address. I've had one for years - works like magic.

Example: my real email could be (but isn't) RalphSpoilsportMotors@gmail.com. My SPAM email could be (but isn't) RalphsSpambucket@Gmail.com.

They get their email address, I get their content sans bullshit and every one is happy.

Now, how hard is THAT?

RS

Re:never give them your main email

An alternative I use (if you don't mind spending a couple bucks a year) is to own a domain. It doesn't need to be hosted anywhere, and it can be whatever you want. (Bonus points for being able to sign up at forums/sites that won't allow free email accounts!)

Sign up for Google Apps (free) and follow the simple steps to get your domain set up for email. Make your real email address that you only give out to real people, then make one called "catchall@yourdomain.com" - or anything you like, really. Now, in the email settings, you can have that email (catchall) receive *ANY* emails that aren't sent to a legitimate address on your domain.

So if I sign up for say, Slashdot, my email I use to sign up is slashdot192@mydomain.com. Any email they sends me goes to catchall@mydomain.com, and by looking at the 'to' header, I can figure out who has been selling my email address. :) It's pretty incriminating when spam emails come in addressed to "shoprite158@mydomain.com", or "autozone563@mydomain.com'. (I use the number on the end to make sure some bot isn't just randomly sending out emails to common possibly names at any domains in the registrar)

Re:never give them your main email

[llzackll]

I do that, but now realize it's pretty much pointless since I don't use e-mail for any personal correspondence anyways, unless it's my work e-mail. Do people still actually use e-mail outside of work ?

Re:never give them your main email

[Serious+Callers+Only]

I do that, but now realize it's pretty much pointless since I don't use e-mail for any personal correspondence anyways, unless it's my work e-mail. Do people still actually use e-mail outside of work ?

Yes, most of the world still uses email. Out of curiosity, what do you use instead?

Re:never give them your main email

[foniksonik]

SMS primarily, then phone to talk, then in person to do stuff. For acquaintances Facebook - it's the new email list.

Use a disposable address

[aardvarkjoe]

I use http://mytrashmail.com/ whenever I need to sign up for anything. Use it finish the e-mail validation that these sites make you do, and then forget about it.

I really wish that Google would build something like that into GMail -- something that would let you create a disposable address that is forwarded to your real address, but then can be easily blocked once you start getting spammed. (No, the "+" addresses doesn't cut it, since it reveals your real address to anyone who cares.)

Re:Use a disposable address

[MattW]

They do: http://www.google.com/apps/intl/en/group/index.html

Get a domain for $10 a year and sign up. You can alias the whole domain and just blacklist/whitelist at will.

Re:Use a disposable address

[dominique_cimafranca]

Gmail strips out the "." in email addresses so, for instance, "beetlebailey@gmail.com" and "beetle.bailey@gmail.com" are effectively the same. One advice I heard from before is to give out something like "beetlebail.ey@gmail.com" for signups. Once that becomes compromised, you can automatically filter all messages to that address to trash or spam.

Re:Use a disposable address

[lakeland]

That's much the same as the + trick - there are too many people that know it for it to really hide your email address.

Re:Use a disposable address

[1u3hr]

give out something like "beetlebail.ey@gmail.com" for signups. Once that becomes compromised, you can automatically filter all messages to that address to trash or spam.

And the linkspammers use that too to evade blocks on their accounts.

I admin a forum and review signups. Any that use the dot trick I bin, after checking a few dozen and finding 100% were blacklisted addresses.

Re:Use a disposable address

[foniksonik]

I've been using dots for > decade. It used to be a standard way to do first.last@domain.tld.

Re:Use a disposable address

[1u3hr]

Single dot for a space is okay. Its when they do j.o.h.n.s.m.i.t.h@gmail.com that I know they're up to something. Possibly they just are trying to protect themselves from spam, but unfortunately, it's now the mark of a link spammer.

Re:Use a disposable address

[jedwidz]

That's not a problem if your 'real' email address has its own signature of dots. Unfortunately I wasn't aware of this trick when I created by GMail account, so that horse has already bolted.

Another approach is to not have a 'real' email address at all - instead, use a distinct address for every counterparty.

Re:Use a disposable address

[lakeland]

Yes, the easiest is to register a domain and then have *@domain.com redirect to your gmail account or similar. That way you don't even have to go to the effort of setting new ones up.

It gets worse with a mistakable email address

[MattW]

And if you happen to have a first-initial-last-name type email address at a popular provider, then you get potentially dozens of other peoples' single-opt-in spam. Over 50% of the email I get is addressed to someone other than me. Painful.

No Problem..

[no-body]

Own mail server with Postfix + 1 email address per vendor && if they send UCE or SPAM, report to SpamCop && disable their email address.
 
No need to deal with creating extra accounts on Gmail or Spammotel.

Script:

vi + /etc/postfix/virtual # dup last line and edit email address

postmap /etc/postfix/virtual

postfix reload

Use aliases to track them

[Vrtigo1]

Whenever I sign up for some random site that I'll never visit again, I use an e-mail alias so I can track what they send me, who they're selling my e-mail address to, or who hacked them and stole my information. It's simple enough, just set up a catch-all e-mail address on a domain, then when you sign up for www.uselesssite.com, use the e-mail address uselesssite.com@yourdomain.com. If you start getting a bunch of spam to that address, it's pretty hard for them to refute that they're the cause of it.

not a 100% solution

[Sunshinerat]

The problem is that this does not work for everything.
I fly every week and therefore I receive every week three emails asking me to rate how pleasant the service was from my airline, car rental firm and the travel agent.
Eventhough, I am loyal to these companies, everytime I delete such an email (yes, I do not respond to these quality questionnaires), I hate them a little more...

So a spammebadly@gmail.com will not help me, I need my confirmation emails from these companies.

And yes, a rule in my email client will do the trick, I just do not work that way...

Isn't that kind of the agreement?

[aiken_d]

I mean, as long as they are up front about what they'll do with your email address, aren't you essentially agreeing to that in exchange for the service they offer?

This smacks of the old days when people used TV antennas to get "free" TV, and then complained about commercials. If the service isn't worth the unwanted communications, don't use it. But they're under no obligation to give you what you want, on your terms, and subject to your every whim.

Now, places that are dishonest or deceptive about the contract, that's a problem. But most larger businesses are pretty straightforward, and as an adult (right?) it's up to you to make the decision of whether it's worth it.

Re:Isn't that kind of the agreement?

[jedwidz]

This smacks of the old days when people used TV antennas to get "free" TV, and then complained about commercials.

Heh, unlike now, where people get "free" TV and the commercials are the best thing on it.

As a marketer...

[lwsimon]

Single opt-ins suck. Why would you ever want to subject your list that that much "spam" notations? No one wants to see your promotions if they've not signed up for them. If you're running the business right, people will want to open your emails because they provide value.

I use double opt-ins for my online listbuilding, and am very explicit that the user will receive solicitations. I use single opt-in in the real world only, such as when I run a contest dropbox to collect email address to win a prize. Physically writing your email on a scrap of paper is good enough verification for me.

never give out your real e-mail address

[frovingslosh]

Not associated with the site in any way except as a long time user, but I urge people to set up an account with spamgourmet.com. They will forward your e-mail to your real e-mail address. Not only can you create a unique address for everyone that you have to give an e-mail address to on the fly, but you can disable any of the addresses at any time and you can tell who is abusing your e-mail address. For example, I just checked with spamgourmet and I see that the last 3 pieces of junk mail they discarded were from suxjhb@wzju.com, suidvv@frkm.com and suundq@xcfk.com. More interestingly, the spam was all sent to an e-mail address that I created for and only gave to Equifax. So I know that they are responsible for it, they either sold my address outright or were sloppy about security and had it stolen by an employee or hacker.

I've even had close friends who's accounts were hacked and spammers tried to send out spam to all of their contacts. In such cases you will be glad to know that the person in Nigeria has the address of an account that you can easily disable without completely changing your e-mail account for all of your contacts.

And I should mention that I've never received junk mail from Spamgourmet and to my knowledge I've never had any problems with them revealing the address that they forward to. They even provide a nice mechanism that allows you to "reply" to email sent through them, and the response goes back to them and is sent from their domain, so you don't reveal your true address even if you reply.

Another disconnect between managers and IT people

[acidradio]

This just shows how disconnected the MBAs are from the people who really have to implement it or deal with it. Only managers think that it is good practice to bombard paying customers with crap that they don't really want. It sure looks good on paper or in a Powerpoint, right? Could help get that extra 3% market share!

Article and post define "sign up" very differently

[TimTucker]

The original posting talks about "signing up" in the general context of creating an account on a site.

The article, however, seems pretty clear in talking about "signing" up to receive emails. (And very clearly puts forward that "no option == spam")

Looking at the two modes of failure for a user receiving emails you can have:
- False positives: user starts receiving email, but doesn't want it
- False negatives: user doesn't get any email, but does want it

The main debate in the original article boils down to:
- Single opt-in results in fewer false negatives, but more false positives
- Double opt-in results in fewer false positives, but more false negatives

At which point the question is one of whether it's better to optimize for fewer false positives or fewer false negatives.

In the context of the original article, if someone is signing up to receive emails, both of the following situations will lead to the original user not receiving the emails that they requested:
- If they misspell their address and the email goes to someone else
- If they enter a different address purposefully and it goes to someone else

For the user signing up for messages, the opt-in message isn't something they specifically wanted -- it's a barrier that prevents them from getting what they wanted (as such, a double opt-in request could be seen as a false positive). For someone whose email was entered in a form by someone else, any message they receive may be seen as a false positive (including a double opt-in request).

Spamgourmet.com - disposable addresses

[MCRocker]

I use spamgourmet.com for disposable email addresses.

Among other things, spamgourmet lets you set the number of messages that can be sent, so it can be useful for things like placing an order where you need to register, get an email with a link to validate your email address and then get an order confirmation and a few tracking status emails, but then stop accepting anything after that.

It doesn't catch as many bad actors as I thought it would, but when they do misbehave, it's kind of cool to see the number of deleted messages that never filled my inbox.

They also have it set up so that it you can reply to messages routed through spamgourmet without giving away your real email address. There's also an alternate domain so that when you're dealing with an actual human being they won't be freaked out by an email address that has the work "spam" in it.

Re:Spamgourmet.com - disposable addresses

[wagnerrp]

Sadly, these disposable addresses are used far more by spambots than by legitimate users attempting to avoid spam.

Re:Spamgourmet.com - disposable addresses

[rtfa-troll]

I think Spamgourmet is pretty determined in blocking this. Do you have an examples? Have you reported this to them? (or their forum?)

Re:Spamgourmet.com - disposable addresses

[wagnerrp]

Looks like I need to retract that one. None of the handful of users signed up through spamgourmet have been banned due to spam, of course none of them have made more than a single minor edit either. The real culprits are things like mailinator or mytrashmail, and I had added spamgourmet to the list after skimming the list of email domains and assuming them to be set up the same.

Some managers don't get it

[msobkow]

I worked for a company that had a manager who insisted on sending out a newsletter to everyone in the company customer database. We warned him that was illegal. We warned him that would be spamming.

He refused to listen and ordered the email sent.

The entire company was blocked from sending emails less than 24 hours later.

You should have seen him rant and rave about the importance of getting the emal "fixed." His manager found out about the "newsletter", and fired him on the spot.

Re:Some managers don't get it

[Kjella]

His manager found out about the "newsletter", and fired him on the spot.

At least there's one good manager in this story, he's even the boss of the bad manager. It could be worse...

Re:Some managers don't get it

[justleavealonemmmkay]

In the military there are provisions against executing illegal orders; how come the operators DID send the mail ? weren't there provisions against this ? How was did Eichmann defense stand ?

Re:Some managers don't get it

[greed]

Here's how it works, because I've seen it happen:

I, a system/network/development admin with integrity, say "No, you can't, here's why. Get me a signed document from Legal and I'll do it."

But they don't go to Legal. They go to someone else who says, "Yes, sure."

(Sometimes I actually deal with other people with integrity. Then I do get a document from Legal, or an, "Oops we didn't think this through, thank you." Or, one time, a transfer of copyright liability to the Lab director.)

Fortunately, most of what I do doesn't connect to Teh Real World, so I don't have to deal with people wanting to send out newsletters. I get the people trying to put GPL code into proprietary products, instead--and Legal is on my side.

Re:Some managers don't get it

[WuphonsReach]

I worked for a company that had a manager who insisted on sending out a newsletter to everyone in the company customer database. We warned him that was illegal. We warned him that would be spamming.

Not illegal in most jurisdictions as long as there is a pre-existing business relationship. Presumably, if they're customers, then they qualify.

Doesn't mean it's not sleazy and prone to cause problems.

Re:Another disconnect between managers and IT peop

[pspahn]

Well duh. They define the entire business model on the idea that each user in their database is worth $x. If they reach a certain amount of users, they will make x amount of money. That disconnection between IT and Management is a two way street.

Easy if you have your own domain...

[aaaurgh]

Each and every site I sign up to gets a unique e-mail address and all my mail goes through both my gmail account and isp filtering.

While I prefer to have the choice to opt out at sign up (and have that choice respected), this method means I can simply update or remove just one e-mail address and stop the problem should a site not respect my wishes.

Adds a tiny admin. overhead to each sign-up but is worth it

Re:Stunning

[Jah-Wren+Ryel]

(Slashdot, some random story about spam) Blah blah blah paragon of virtue morals everyone should do what's right holier than thou...

(Slashdot, some random story about copyright infringement) whine anger pout serves them right greedy thieving fascists yeah it's wrong but *&^% those &^%*# I'll keep on downloading stuff I haven't bought until the day I die (justify blindly, etc....)

(Slashdot, some random poster complaining that slashdot users don't all share the same world-view)

(Slashdot, some random poster complaining that his own personal world-view is the only valid world-view, and implying that anyone who doesn't conform is a hypocrite)

Re:special e-mail account

[TaoPhoenix]

I just use a special email account for all businesses that I expect TurboMails from.

In a way it's so simple it's easy - it's easy to remember when you're on the spot signing up for stuff, and you know there's nothing "important" there. So you just let them all fight it out.

"You have 1422 new mails!"

So what? They're all corralled in the email-box resembling Montana. Radio Shack, Groupon and more.

Disposable addresses

[xenobyte]

This is the way to go.

Several people have already told the virtues of this, which I won't repeat. I do add a little twist because I run my own spamtrap and DNS RBL which I update whenever one of the addresses yields unsolicited newsletters and similar spam. Then that company 's mailservers are blacklisted more or less forever. Basically it works like this:

Each address on the disposable list initially is an alias of my real email address.
If one gets compromised, it is switched to being an alias of the spamtrap instead and every mailserver delivering mail to the spamtrap gets immidiately blacklisted, no matter what.

Mails to the spamtrap bypasses the RBL checks, but mails to regular addresses are checked against my own RBL and a few more, and is refused upfront if listed. The result is close to zero spam. Before this, I got 10-20 spam each day that made it past the regular RBLs and spamassassin.

Negative Agreement

[Z00L00K]

The way to automatically agree to things and you have to opt out may in some countries be illegal.

Two address minimum

[sgt+scrub]

Doesn't everyone have an email address that they use for non-human communication? If your dealing directly with a human you give them your direct account sgt_scrub@. If your dealing with an online entity you give them your non-human address spamaway_beotch@.

CAN-SPAM exception

[butabozuhi]

I worked at a company, some years ago, when the "Controlling the Assault of Non-Solicited Pornography and Marketing" (CAN-SPAM Act) came out. It made spam 'illegal' (hard to enforce, though) but had a specific exception if the customer recently engaged or transacted with you. So, by receiving a good or service you've basically opt-ed in! Like most of the other posters I assume by providing an email I'll be spammed - so I use an email address specifically set up for that purpose.

Re:CAN-SPAM exception

[jfengel]

CAN-SPAM also means that they have to provide a real opt-out. We've taught ourselves to assume that the opt-out just tells spammers that you've received their message, but a legitimate company can be sued if they don't take you off the list.

It's annoying to have to click an opt-out message for something you didn't think you were opting in to, but it's not the real nuisance. The real nuisance is the bottom-feeding spammers who use botnets to spew vast amounts of fraudulent crap. Compared to that, the CAN-SPAM "legitimate" spam is a drop in the bucket and easily managed.

I'd like to see companies that fail to comply with CAN-SPAM sued when they fail to follow the rules. Most of them want to be aggressive but keep it legal, and lawsuits will push them to keep on the legal side. When they use fraud, they need to be hammered, but that's going to be fairly rare. The real problems will still come from the fraudsters; you don't have any existing business relationship because they don't have any legitimate product to sell.

Re:CAN-SPAM exception

[butabozuhi]

Hear! Hear! All legislation should have real teeth - or they're just wasting the paper they're printed on.

I Get Very Little Spam

[Frightened_Turtle]

I created a single mailbox to handle email from websites that ask for an account sign up. For each website, I created a unique email alias for that single account that is delivered to my consumer email account. The idea being, once I started receiving unwanted spam in that account, I would simply delete the email alias that was receiving that junk email. This was based on the idea from the early days of email, where you created a totally separate email account for each thing you signed up for in order to avoid spamming. Aliases are far more flexible, and do not use up a limited number of email accounts available from one's ISP. My intent was that this would be come my "email honeypot" and use it to collect domains that I would add to my email blacklist. I also intended that it would reveal which companies were selling my email address to spammers and I would dutifully report these companies to the internet, getting them pretty much blacklisted.

Over a number of years, I've amassed nearly 150 email aliases that point to the consumer account. Of all the email accounts I have—a couple are pushing past twenty-years-old now—this consumer account with nearly 150 different email aliases draws in the least amount of junk email than any and all my other accounts. In fact, it garners almost no junk email at all! My oldest email address brings in more junk email in a month than my consumer address brings in since the time I created it!

Clearly, my expectation of this account sucking in all unwanted email turned out to be a complete failure. My intent of revealing companies that were taking the low moral road came to naught. What it did reveal was that the web sites I signed onto were actually taking care to ensure that my email address was not revealed and these companies were dutifully trying to keep me from being harassed by slimy, junk-mail-producing parasites. Indeed, there were a few sites I signed onto with the expectation that I would be absolutely flooded with junk email within a month of signing on. These proved to be the quietest sites among the many.

In the end, I must confess to being impressed that many companies truly are honoring subscribers' privacy. I do get email from these sites, but the email is pertinent of the products being sold by the site from which the email is coming. So, I count these emails as being legitimate. I have never gotten third-party email (illegitimate) through these addresses. When I opted out of a given company's email list, by golly they actually respected the request and the email stopped!

All this showed me that—as one poster above stated—companies have realized it is in their better interest to keep their email lists private than try to make a profit selling these email lists to others. It doesn't take much intelligence to think this through, either. If you sell your email lists to a marketer, that marketer will sell the emails to your competitors, telling them that these emails came from a company that makes similar products. Sell your email lists, and you could find your customers being poached away by your competitors.

The REAL pita

[SmurfButcher+Bob]

...is having an address that retards accidentally use as their own - e.g. if you were to score the address, "fred@gmail.com".

Very soon you discover that few "opt in" companies actually verify that you own the address you're submitting - and more, you discover that there's no provision to get out of it, unless you know the account name/pass.

Fucking Delta Skymiles and Time Magazine

[EXrider]

If you ever use Delta Skymiles to get some "free" magazine subscriptions, be prepared for a shit-ton of frequent spam that you literally can't unsubscribe from. It also has the awesome feature of coming from no less than 5 different email addresses, making it a PITA to effectively block once you figure out that their unsubscribe links are purposefully broken. Bastards!

Re:leemail shameless plug

[mnacos]

sry, the 'Anonymous Coward' above is I