Unsubscribe safely

Question

I have heard that is better to never click to any link in an email. Is it a bad idea to click to a unsubscribe link? What is the best way to unsubscribe to undesired mails?

Sometimes they track it when you want to unsubscribe and mark you as "active". Your email is then much more worth. — Danny., Jun 30 '15 at 09:28
You want to unsubscribe to the email, so I guess setting a filter to delete emails before downloading them is not good enough for you, is it so? — Mindwin, Jun 30 '15 at 12:49
Seems that title is a quite simple: I thought it was about how to implement a secure unsubscribe link when I saw it in Hot Network Questions. — Gustavo Rodrigues, Jun 30 '15 at 15:31
There is no way. For me, if the email is legitimate, from a reasonably trustworthy source, or from known mailing system (MailChimp, ConstantContact), then I click unsubscribe. If it is pure spam, I block the sender. They already got through a CAPTCHA (SpamArrest), so I know they are at least not a bot. — Chloe, Jun 30 '15 at 20:13
I've occasionally been removed from spam lists by doing a WHOIS on the originating domain, and emailing a legal cease and desist order to them, notifying them that they are in violation of the CANSPAM act. That usually makes it stop. — mopsyd, Jul 01 '15 at 21:32
Out of scope of the question, but please don't forget you can always create email filters to block or delete from senders you don't like. Most email services have filters (but not all). — rlb.usa, Jul 01 '15 at 22:10
I click on unsubscribe if it looks something I might have subscribed to. If I get taken to an "ok, you're unsubscribed" page then that's it. If they want me to log in then they've designed it badly (by not including some id in the unsubscribe link to temporarily uniquely identify it as coming from me) because they're then expecting me to determine whether it's a site I care about asking me to log in vs someone pretending to be a site I care about; something I cannot be bothered to do. In this case I just go back to my email and mark as spam then delete. — , Jul 05 '15 at 10:51
A filter is better than "unsubscribe." So-called legitimate spammers, *e.g.* MailChimp, will accept any email address a customer gives them and bombard you with spam. Filtering these messages, so they're received but you don't see them, increases the spammer's cost. Good. — Bob Brown, Feb 28 '16 at 12:43

WernerCD · Answer 1 · 2015-06-30T13:39:27.143

171

I think the one thing the others (as of this post) hasn't mentioned: Source of the spam

I would say you should differentiate between "Good" spam (Something you signed up for - knowingly, accidentally, "opt-in" purposely, "opt-out" not clicked)... And "Bad"/"Unknown" spam (random garbage that likely uses the click for tracking).

I have no issue clicking "unsub" from Lowe's email (I signed up for "Weekly Specials" when I got my Lowe's Card. Then later, I realized I don't want those emails)... but I wouldn't click on "CH3@P V1@GRA!!!" unsub links.

One is someone you KNOW should have your email and you know they know you are active. The other is someone who probably doesn't know you are active - until you click that link.

Edit: As mentioned in comments: There is Good and Bad spam, but sometimes you are unclear. I've had the same gmail address for 10+ years now. Lots of stuff comes in. Personally, I have a good idea of what spam I'm supposed to get (News letters, stack notifications, facebook updates, bill reminders, etc)...

I also kinda know whats outside of the normal. Normal has changed as I've been actively "unsubbing" from stuff I expect because I don't read it anymore (largely due to changed job and changed newsletter reading), but I still have an idea of the expected ebb and flow.

If I'm unsure, I err on the side of not clicking in the email and instead click "mark as spam". This keeps me with two buckets: Good and Bad(/unknown).

edited Jun 30 '15 at 13:39

answered Jun 30 '15 at 12:42

WernerCD

1,441
2
10
8

2

Of course! But @Nrc is only talking about "bad"/undesired SPAM. Unsubscribing from Newsletters/"Good Spam"/Trusted Senders is almost safe. – Danny. Jun 30 '15 at 12:44
15

@Danny. `I have heard that is better to **never click to any link in an email**. Is it a bad idea to click to a unsubscribe link? What is the best way to unsubscribe to undesired mails?` - Emphasis/paraphrase: "ANY link in ANY email". "Undesired" could be stuff you signed up for (like Lowes Weekly Specials in my example). I would say this question is more broad than "bad". – WernerCD Jun 30 '15 at 12:46
When I remember I subscribed and it is trusted font, of course I unsubscribe. When it is a span, of course I do not click to unsubscribe. The problem comes when it is not clear – Nrc Jun 30 '15 at 13:25
@Nrc if it's unclear, I'd personally err on the side of not clicking. (or clicking "Mark as spam" in google and forgetting about it) – WernerCD Jun 30 '15 at 13:32
@WernerCD Have you tried unsubscribing with `curl` using `curl -L `? – Jared Burrows Jun 30 '15 at 15:51
2

@JaredBurrows I don't think "how" you click a link (In the gmail web app, in outlook, copy/past link into Netscape Navigator or sending a pigeon... or via CURL) matters in this regard. The question is do "They" know "this" email address is active? If you respond to it in any way, they do. If it's a company you deal with (etc: Lowe's), the know you use this email and the question of "is this email active" is irrelevant so click away... if it's an unknown company, they don't know until you "respond" - even if via CURL. – WernerCD Jun 30 '15 at 16:06
Yeah It does not matter. They would know the link was clicked on anyways. I meant to say is it safer than opening it up in a browser. – Jared Burrows Jun 30 '15 at 18:01
@JaredBurrows Well, I assume (You know what happens when you assume?) it would be. CURL is going to be simpler - no plugins like Flash, javascript, etc - so that would mean a smaller attack surface. On the flip side... Good and Bad messages can be linked to a secondary page that requires interaction: `Are you sure you want to do this? Why? Do you not care about our children? Is it really you clicking the link or are you lying to us (and our poor destitute childred)?` that CURL wouldn't be able to interact with. – WernerCD Jun 30 '15 at 19:18
7

This answer is much better than the accepted answer. There are a number of lists I've intentionally (and unintentionally) signed up for over the years. I've found that, especially if the email is from a known managed provider (e.g. Mailchimp) the unsubscribe link is useful. Echoing others, I'd err on the side of caution and not click an unsubscribe link if I'm unsure whether the sender (or their mailing list provider) is trustworthy. – Doktor J Jun 30 '15 at 21:12
It's not just the stuff you signed up for but stuff from affiliates. When company A sells a list of prospects to company B you can get stuff that's unwanted but they'll still honor unsubscribes. It's only the sleazy stuff you shouldn't touch. – Loren Pechtel Jul 02 '15 at 02:58
1

@LorenPechtel Personally, I would put those in Bad(Unknown). If Dewalt sends me an email because they got my Address from Lowe's - it's still not something I personally signed up for IMO (even if the small print says Lowe's will share with affiliates). It's unexpected and gets the Report Spam Gmail Salute from lil ole me. It's more of a grey area, since I "trust" "Lowe's". – WernerCD Jul 02 '15 at 14:35
There are phishing emails, that looks like a "good" spam. For example, I had one that looks like an email from linkedin – BЈовић Jul 03 '15 at 14:08

Danny. · Accepted Answer · 2017-06-20T10:22:11.930

63

You should not click on any links. By clicking on the "unsubscribe" link you probably get marked as "Active Reader" which is willing to interact. You also get on the page of the sender, which might could infect you with malware.

Remember: With clicking on any link you've confirmed to the sender that your email address is both valid and in active use.

Just delete and ignore it. Your email then might get marked as "inactive".

edited Jun 20 '17 at 10:22

answered Jun 30 '15 at 09:46

Danny.

1,015
9
16

130

I followed this advice for many years, but the spam never stopped. About a year ago I started actively unsubscribing from all spam mail I got when a link was provided and I now get pretty much zero spam. While you obviously need to take care clicking *any* link from an un-trusted 3rd party, if you want to stop receiving emails then you need to unsubscribe (its not like it costs them any money to send those emails) – Justin Jun 30 '15 at 12:12
5

There is a huge market where "active" email adresses are traded. How they evaluate if one email is active/in use? With such "unsubscribe" links and other methods. Please have a look at: https://www.spamhaus.org/consumer/removeisformugs/ – Danny. Jun 30 '15 at 12:16
19

@Justin Businesses in the US are legally required to respect unsubscribe requests from users they send email to, so clicking said links definitely *can* be effective as long as the spammers are following the law (obviously though, some sources of spam are based outside the US or sent by people who don't care about the law). https://www.ftc.gov/tips-advice/business-center/guidance/can-spam-act-compliance-guide-business – Ajedi32 Jun 30 '15 at 13:19
1

Nice, but this misses the goal: **unsubscribing**. This just like reading the e-mail and then putting it in the trash. Why would the e-mail address then be marked as inactive? – Nicolas Barbulesco Jun 30 '15 at 14:42
5

US business are legally required to unsubscribe you, but *they are still in possession of your email address* and can then sell it on to other mailers. Nothing prevents them from doing so. Is your goal to get off this particular list, or minimize the amount of junk mail you receive? – Snowbody Jun 30 '15 at 14:48
3

@NicolasBarbulesco two choices: Believe the sender removes your addy from his list or not. From what I know (any many others too) spammer using the unsubscribe trick to find out which addy is active and in use (these can be sold for much more money). May they delete you from one list and sell your email address to 5 others. Best way is (personal opinion!) mark it as junk, delete it. – Danny. Jun 30 '15 at 14:51
34

@Danny. Please don't do that on a service used by others, like Gmail or Hotmail, at least not for lists you actually signed up for. By marking as junk, you are affecting other people who _do_ want to receive messages from those lists. – Michael Hampton Jun 30 '15 at 20:37
1

@Adi Actually, Justin is partially correct. I would say to instead only click unsubscribe if you are 100% sure that the e-mail is legit. If you are not 100% sure or you know for sure that it's just spam trying to trick you, then create a rule that would automatically send that type of e-mail to the spam folder. – John Odom Jul 01 '15 at 20:26
3

@Justin is indeed partially correct. Some spam comes from partly reputable lists with poor data acquisition. Part is just random spam. I have 2 main mail accounts. On one, I took up hitting unsubscribe links *only* on mail from a sender that had previously sent a couple of similar mail with unsubscribe links (some of which were emailing daily). Around 80%-90% of these sources stopped. Of course I have no way of knowing if when stopping they passed my 'verified' email address elsewhere. – abligh Jul 02 '15 at 08:19
1

@abligh: I *do* know when people pass my address on to others (although I don't know whether it was intentional or a data loss), because I use different addresses for different people. It's rare for "legit" people to pass on addresses, but for example I've had outright spam on an address I used only with a bank. Unsubscribes where I gave the sender the address *usually* work, but I don't even bother trying unsubscribes on stuff where the address has been passed on so I can't say whether it's effective or not. – Steve Jessop Jul 02 '15 at 09:02
@SteveJessop sure. confused.com is an obvious offender. However I suspect they pass addresses on whether you've hit unsubscribe or not. – abligh Jul 02 '15 at 12:40
@Snowbody No, the CAN SPAM act specifically forbids selling the Do-not-call list for other people to spam. – Superbest Jul 02 '15 at 21:59
1

@MichaelHampton I do know that some services, like Gmail, will try to convert "mark as spam" directives as "unsubscribe" attempts for major lists (e.g. Best Buy membership). – apnorton Jul 03 '15 at 02:26
Pretty sure it's NOT safe to use Gmail's unsubscribe button. It uses the unsubscribe link in the email. – Dan Rosenstark Mar 01 '17 at 15:27

score 6 · Answer 3 · answered Jun 30 '15 at 09:53

6

In addition to being marked as an active reader as @Danny says, unsubscribe links could be used to infect your system with malware. If you actually subscribed to the site and want to unsubscribe the best way to do it is log into the site and change your preferences. Otherwise report it as spam and delete it.

answered Jun 30 '15 at 09:53

GdD

17,291
2
41
63

1

Ok, thank you. When you say "report it as spam" you mean just mark it as junk? (I am in a Mac) – Nrc Jun 30 '15 at 11:03
1

How you mark as spam depends on the program you use and your email provider. – GdD Jun 30 '15 at 11:05

Agent_L · Answer 4 · 2015-06-30T13:07:47.510

It's pretty much a coin toss. If the spammer is a honest one, you'll get unsubscribed. If he's a malicious one, you'll get marked as "active reader" and get enrolled in even more spam lists.

The second option silently assumes that it's actually worth the spammer's time to keep track of "good" and "bad" recipients, that is, that having a tracking system is more cost-effective than simply sending more spam. That may or may not be true. You have to decide that on your own.

I'd disregard the "you may get infected" argument, because it's not a threat exclusive to spam - you should keep your browser updated and ignore install requests all the time, not just sometimes.

I personally tend to ignore spam and wait for mailbox provider to update their filters. But I do believe that many unsubscribe links are legit because few times they've worked for me.

score 4 · Answer 5 · answered Jul 01 '15 at 07:54

If you know the sender has got your email address legitimately, as per @WernerCD's answer ('Something you signed up for - knowingly, accidentally, "opt-in" purposely, "opt-out" not clicked'), go to their website and unsubscribe there.

Many companies use third party web sites as end points for the unsubscribe links ("mailbot.com/unsubscribe" as opposed to "company.com/unsubscribe") in their emails, making it virtually impossible to know whether it's actually spam or not. The company already has your email, so they will definitely continue spamming if you don't do anything, and would have shared your email already if they are so inclined. Of course, their unsubscribe functionality may not work, at which point you should just treat them as another spammer.

Or their unsubscribe functionality does work, but it will "take 10 days for your name to be removed from our list". If I unsubscribe and get another marketing email from them, BAM, marked as spam. — Les, Dec 01 '16 at 13:46

score 3 · Answer 6 · edited Jun 30 '15 at 12:38

3

I use hotmail (live/outlook...) and in their web client, at the bottom of each email they have an unsubscribe button, it is not part of the email it's within the mail client and this button will unsubscribe you from sources which they trust and have set up this system with.

If the source is not trusted they will simply block them from sending you further mail.

This works well in both scenarios, and if you use a different provider there should be a way to block senders.

edited Jun 30 '15 at 12:38

Vilican

2,703
8
21
35

answered Jun 30 '15 at 12:20

jbaldwin

131
4

2

This is very interesting. But I dont't like the "block" part. Typically, I want to unsubscribe from Apple's news, but I don't want to block e-mails from Apple. – Nicolas Barbulesco Jun 30 '15 at 15:04
good point, which I hadn't considered, but you do not need to block the whole mail domain, for example with apple you could block 'newsletter@apple.com', so you could still receive mail from 'support@apple.com' but if something is certainly not to be trusted block the whole domain. I feel it is more proactive than the other answers here. – jbaldwin Jun 30 '15 at 15:29

score 2 · Answer 7 · answered Jul 02 '15 at 21:54

In the USA, there is the CAN SPAM act which requires advertisers to honor and respect unsubscribe requests. Violating this is a very serious crime. You can report it easily to the FTC, and if it's a US company, they will get into a lot of trouble. Because of how bad the punishment is, legitimate companies rarely disregard unsubscribe requests - you can safely unsubscribe from those (and in fact it's better because you don't pollute the spam filter with non-spam data).

With shady companies that use the unsubscribe link as a trap, of course it is a bad idea, they will just send you more spam and sell your email for more money. You can usually figure out easily if a sender is legitimate - just look at the TLD, if it's a .com check the WHOIS, see if there's a physical address anywhere on their site or in their email. Getting "respectable" TLDs like .com is pretty hard for spammers, because they will quickly get reported for abuse and registrars will punish them. They prefer obscure TLDs like co.cc where the abuse prevention doesn't work very well.

But if you are getting a promotion from Target because you bought a pair of shoes there last week and gave them your email, of course they're not going to keep sending you spam after unsubscribing. Getting slapped with criminal charges just isn't worth it for them.

Be careful about clicking links in dodgy spam. They stuff a unique per-mail ID into every link (usually will look like www.buythesedrugs.com/store?id=baef8f6785b26c986d29) - if you click that link, even if it's nothing to do with unsubscribing, the spammer can see what email that id was sent to and deduce that you are getting and reading his mails. If you manually remove the id, and go to just www.buythesedrugs.com/store you will be fine (but don't enter your email anywhere).

score 1 · Answer 8 · edited May 23 '17 at 12:40

If you are using Gmail it should be safe to click Unsubscribe link right after the "from" name in the Gmail interface. Google tries to validate senders and show Unsubscribe only for senders with a high reputation:

We won't provide the unsubscribe option on messages from spammers: we can't trust that they'll actually unsubscribe you, and they might even send you more spam. So you'll only see the unsubscribe option for senders that we're pretty sure are not spammers and will actually honor your unsubscribe request. We're being pretty conservative about which senders to trust in the beginning; over time, we hope to offer the ability to unsubscribe from more email.

See also this relevant question on StackOverflow.

score 1 · Answer 9 · answered Jul 02 '15 at 15:25

My experience with such links is that the amount of spam that I receive tends to decrease when I click on such links. Although most such links go to a similar/identical page as each other, I am of the opinion that those links are provided in order to legally cover the spammers - because anyone sending email has a legal obligation to stop sending at the recipient's request, thus they are legally covered as they have provided a way to request to receive no more emails from them. In order to reduce the number of people who unsubscribe (and thus increase the number of people that they can continue spamming) they make the links difficult to find. That's my experience anyway.

score 0 · Answer 10 · answered Dec 14 '16 at 15:16

What is the best way to unsubscribe to undesired mails?

Sometimes I begin getting spam from sites where I have never registered or subscribed to receive their newsletters. This looks weird to me because I can recover password from these sites, login and change subscription settings while I have never registered on them. This is some sort of "Good" spam as @WernerCD says.

In this case I usually alter my subscription email address to any free disposable email address such as ThrowAwayMail.com or 10minutemail.com (I can do it after logging in). I guess that it is better way of unsubscribing because chances are my real email will be completely deleted from spam list.

that's ok - some people don't know you can edit your own answers — schroeder, Dec 17 '16 at 13:31

Unsubscribe safely

10 Answers10

Linked