Does SPAM Unsubscribing Really Work? 107
dacarr asks: "An associate on a mailing list I am on recalled an article (which he, in turn, does not recall), in which the author managed to reduce his spam some 80% by, of all things, using the provided 'unsubscribe' mechanism in the messages. This is totally counterintuitive to what most of us have learned (doing so was a spectacularly good way to actually *confirm* your address) - but perhaps this isn't the case anymore, based on this. Has anyone else had any luck as far as this goes? By following the aforementioned unsub links, said associate found a number of broken links and dead addresses (and one link that tried to create an attachment and email it out (which he stopped)), but after three days and 400 unsub links, he trimmed his spam levels 'from an average of 250 a day to just 40 today' - that's just around 17% of what he was getting. Maybe spammers are getting their act together and listening for a change." Do any of you have any anecdotal evidence to provide to confirm or contradict this? Have you been able to lower your spam volume by "unsubscribing"?
I've been thinking about doing this (Score:1)
Actually, although I don't have time now, when I run my own mailserver in a year or two, I plan on getting an odd domain -
What really sucks, though, is being joe-jobbed
Re:I've been thinking about doing this (Score:5, Funny)
Sincerely,
Alan Ralsky [freep.com]
CEO, Email Clearing House
Re:I've been thinking about doing this (Score:2)
Spammers don't filter on domain extensions.. My
Re:I've been thinking about doing this (Score:1)
Having, say, magenospamfile@foo.com would also help, but the problem there is letting humans know that for once they're not supposed to take out the nospam
I tried it once (Score:5, Informative)
my 2c
Re:I tried it once (Score:5, Informative)
After about a month of effort, I reduced my SPAM by more than 1/2 for a short while. Within 3 months I was at a higher level than before.
Just because you unsub from the SPAM source doesn't mean your address is removed from the databases / CDs that the SPAM source purchased. It is the harvesters that are truly evil.
And I have a number of addresses that have never been published and yet occasionally show up with SPAM. I wouldn't be surprised if the harvesters are making use of Outlook addressbook exploits to further harvest.
Re:I tried it once (Score:2)
It could confirm your address... (Score:2)
I would guess that if the headers seem reasonabley genuine, then unscribing might work, as it could just be something you accidently signed up for in the old days.
My own suspicion is... (Score:5, Insightful)
The other possibility is that some spammers are still using the functionality to validate e-mail addresses, but as part of that action, they hide the fact from the recipient by suspending spam to the address for some weeks or even months before re-distributing the address to their buddies. As a result, the recipient thinks that the "unsubscribe" worked, but in the end gets even more spam.
Then again, I could be wrong. I am sitting at around 2-300 spam messages per day, if I see other reports that this is working, perhaps I will try it out as well.
-Rusty
Re:My own suspicion is... (Score:3, Insightful)
Re:My own suspicion is... (Score:2)
At work I get about twent
Re:My own suspicion is... (Score:2)
I have an email address I established in '93. I happily used it on Usenet posts, posted artwork on web sites and included the address, posted to majordomo discussion lists on art and code, etc. It's also been used in numerous Whois records... Maybe that's the problem. In any case, it gets close to 400 spams a day these days.
My poor, ancient, Pentium-120 mail server is heavily slammed, especially since I now run Spamassassin on it. I've also had to dump my mail logs
Re:My own suspicion is... (Score:2)
Re:My own suspicion is... (Score:1)
From that they sold my alter-ego to a number of mortgage companies, who in turn has became infected with a virus and from there on the rate of spam keeps accelerating to the point that I forward most of my mail to a yahoo mail account which sorts out
Re:My own suspicion is... (Score:2)
Re:My own suspicion is... (Score:2)
Are there other people like me out there?
I would bet your lack of spam may actually be a side-effect of not signing up for sweepstakes (ever read the fine print on those?), opting out always (fine print!), not posting to crap TV show blogs or whatever, not registering every little product that comes with a registration card (remember to opt out!), telling cashiers to fuck off when they want your contact information to complete a sale, etc.
In short, I bet you are not a complete moron like most people, so
Re:My own suspicion is... (Score:2)
"Claim"? Just because it isn't happening to you doesn't give you reason to question the truthfulness of people to whom it is happening.
The addresses I get the most spam sent to are ones I've had published on various web sites (especially the long-standing ones, such as one for a shareware program I wrote 6 years ago) and the address I used for much of the 90's on Usenet (back when I was young and foolish about such virtual promis
Re:My own suspicion is... (Score:1)
May I steal that?
Re:My own suspicion is... (Score:1)
Re:My own suspicion is... (Score:1)
Re:My own suspicion is... (Score:2)
Much of my spam still goes to my primary address, which is still up in many places on the web. But a substantial portion now goes to tagged addresses. I haven't run any stats, but my impression is that web-harvested addresses are the biggest source, followed closely by Usenet news posts. A vigorous runner-up is addresses taken from WHOIS records.
The only way to test "unsubscribes"... (Score:1)
I've entered uce@ftc.gov into several spammers' "opt-out" webpages, and they all come back with "Thank you. u
With high bandwidth, does it matter? (Score:4, Interesting)
But since the OP asked for anecdotal evidence, my mom began clicking on every unsubscribe link she came across. She called me to tell me this (and I knee-jerked about what a horrible idea it was). Then she told me that her spam had decreased significantly since she'd begun unsubscribing, and
Re:With high bandwidth, does it matter? (Score:2)
Re:With high bandwidth, does it matter? (Score:1)
Re:With high bandwidth, does it matter? (Score:2)
Pure Luck? (Score:5, Informative)
Re:Pure Luck? (Score:5, Interesting)
You know, it might have just grown anyway, as the email address was copied from list to list...
It might have been a good idea to do a control study, where you set up two emails, equally obscure and subscribe to the same sites. On one email unsub., and see what happens.
Re:Pure Luck? (Score:1)
-Peter
Re:Pure Luck? (Score:3, Interesting)
Thanks. That would explain all of forged sandman@honeypot.net [honeypot.net] spams that I have to deal with.
Yes, I own honeypot.net. About once a week, some jackass decides that "foo@honeypot.net" would be a splendid From: address, so I suddenly get thousands of bounce messages, whiny upset recipients, and other administrative hassles. My Sendmail reject list is growing longer by the month.
Re:Pure Luck? (Score:3, Informative)
Re:Pure Luck? (Score:2)
This was swell until some dolts made things like wpoison, which put up spambot bait pages with randomly generated email addresses made up from dictionary words.
Yesterday, I got 149 spams thanks to the not-clever-enough efforts of anti-spam activists. Thanks, guys!
I've had good success with this. (Score:2)
Re:I've had good success with this. (Score:2, Funny)
Legit spammers? Do they exist?
Is it legal to use "legit" and "spammers" in one sentence?
Re:I've had good success with this. (Score:1)
Sure! "I once was a spammer, but now I'm legit. I run an opt-in Majordomo list."
Not gonna try it (Score:2)
I'm a little too skeptical to try it with my primary email address. I tend to agree that some if it may go away initially, but your verified address will eventually be sold.
Unsubscribe links make cash (Score:5, Informative)
For what it's worth, I read an article similar to this one about a year ago. I clicked all the opt out links in my Yahoo account and continued to discard spam unread in my self-run account. I'm only one guy, which makes this statistically insignificant (and thus, it would be highly irresponsible to do something like writing an article about it!), but I can definitely confirm that the Yahoo spam skyrocketed while my other account stayed the same.
Re:Unsubscribe links make cash (Score:2)
You know, sending about 10,000 virtual eyeballs to each one of those ads might not be a bad idea. When the first advertiser gets hit with an $87,000 bill for a month's worth of impressions, a public and ugly court battle between a spammer and his clients might dissuade other ideas from doing business with either party.
I'd be willing to help a spammer "earn" some outrageous, uncollectable fee if I thought that the r
Re:Unsubscribe links make cash (Score:1)
More likely is that the banner advertiser just refuses to pay and lets the spammer try and take him and one of his disposable shadow companies to court.
Re:Unsubscribe links make cash (Score:2)
Now, someone would notice that lawsuit and report on it - spam + lawsuit == public interest. When they did, it might make a spammer's would-be partners think twice about going into business with them, in much the same way that SCO's lawsuits against their own clients certainly isn't making their sales telephone ring off the
Re:Unsubscribe links make cash (Score:1)
The point you missed is that the advertisers are equally shady, and can just go "belly up" and start over with a "new" company.
The two were made for each other. It's truly beautiful.
Hmm... (Score:5, Funny)
Fox: "No, really, we only eat bugs and stuff."
Chicken: "Oh, really? Great! Lets do lunch"
Fox: "Muahahaha"
Re:Hmm... (Score:1)
Do not attempt this, you will get more spam (Score:2, Informative)
Red Herring? (Score:4, Insightful)
What better way to try and reassure people that unsubscribing via the link in a spam email works and therefore get even more unsuspecting people to verify their addresses?
Re:Red Herring? (Score:1)
Not entirely the same method, but effective anyway (Score:5, Interesting)
When I register on a page (New York Times, for instance), I simply enter a non-existent email address with the name of the service: newyorktimes@[mydomain.com]. Any email (passwords) sent to that address will end up in my personal inbox, and I can easily check to which address it was delivered originally (by checking the "To" field or scanning the headers of the message).
The key part is that you can't use that address for ANY other purpose. Don't post it on forums, don't use it to subscribe to other services. If there's a spinoff-service from a site you're already registered to, and it requires you to register again, use a new address. It'll all end up in the same inbox anyway.
This has two upsides: it's easy to create sorting-rules in my email client and, in relation to this
In fact, its even hard proof for them selling your message, so you can back-track the user agreement and see if they're allowed to do that.
The big downside to this is that when you use a fake address for a public mailinglist, they can require you to send mail from that fake address. Then, you'll need a client that allows you to change the From-field in one way or another.
My $0.02.
P.S. I know you can get my domain from looking at my profile, but I figured I keep the example simple by using [mydomain.com].
Re:Not entirely the same method, but effective any (Score:1)
I get tons of bounces from spam to things like: jsdjfqwnc@[mydomain.com].
Luckily these are relatively easy to filter, but are superbly annoying. Why do these spammers pick on my and my little, innocuous domain?
Worse, every once in a while because somepeople don't understand that from headers can be forged, I get on a blacklist, so my mail can't ge
Re:Not entirely the same method, but effective any (Score:3, Funny)
This also keeps your e-mail address out of the computers that are most likely to pick up trojans, spyware, and viruses.
separate catch-all subdomain (Score:2)
My primary mail domain is not configured to be catch-all, but I have a subdomain which is. In other words, I use addresses like newyorktimes@subdomain.mydomain.com, and I'm not bothered by dictionary attacks or forged mail bounces to jsdjfqwnc@mydomain.com.
Spammers don'
Re:Not entirely the same method, but effective any (Score:5, Informative)
You create throwaway addresses on the fly (just make them up - no logging in) and email gets forwarded to your real address. Works great for addresses you only expect to receive a few emails from (like when registering for NYT, etc), as the address automatically expires once you receive a certain number of emails. If you want to continually receive email at that address, you can specify an exclusive sender (by email address or domain) to allow email to come in indefinitely.
Works great and is free too.
Re:Not entirely the same method, but effective any (Score:3, Interesting)
I run BSD on my domain and when I get 'bad' email hits, I have a realtime process that detects this and adds IPFW 'block' statements to cut that turkey off WHILE he's trying to smtp me. having my firewall and mail server on the same box lets me to this very realtime.
so while someone tries to send to "sales@" or something equally guessy and dumb (for my domain), he gets ipfw'd and he doesn't even GET to try to talk to me ever again.
it works. but only for small controlled s
Re:Not entirely the same method, but effective any (Score:2)
but if its a dictionary username, then REALLY block him. ie, add him to your etc/rc startup file as a perm block entry (really).
for extra credit, keep track of the hits and age entries out that haven't been hit for a while. but with today's cpus being so fast, I'm not even sure I _need_ to age entries out. a ghz processor can proc
Re:Not entirely the same method, but effective any (Score:2)
Unless they were hacked and their DB was stolen. (This is of course a good excuse for them to use because you can't really disprove it. But then again, my former ISP was hacked and we started receiving spam at our account.)
Nevertheless, this trick with using a unique e-mail alias is very effective IMO. I use it, and my main inbox that I actually use is 99% spam-fr
But does it work? (Score:2)
As things are now, I have to check all bounce messages because I can't remember all the fake email addresses I've given out.
Re:But does it work? (Score:1)
Re:Not entirely the same method, but effective any (Score:2)
What I do is similar to what you do (individual email address for everything I register for), except that I use sendmail's alias feature. I simply create an alias to my main mail account. Once I start receiving spam to the alias, to the virtual shredder that address goes.
Re:Not entirely the same method, but effective any (Score:2)
But this has its downsides. I'm not in the spammer's databases only as menscher@uiuc.edu, but as menscher+blah@uiuc, menscher+foobar@uiuc, and menscher+measlemorp@uiuc. So I get duplicate spams sometimes.
Re:Not entirely the same method, but effective any (Score:2)
Get with the program - RFC 2606 [faqs.org] clearly says that example.com has been set aside specifically for this purpose.
Wouldnt recommend this method (Score:2, Insightful)
No, it doesn't (Score:4, Funny)
Really, what's with the uppercase? Is "spam" an acronym now?
Re:No, it doesn't (Score:5, Informative)
The SPAM and the Internet FAQ is located here:
http://spam.com/ci/ci_in.htm
acronym (Score:1)
Opt-out does work... (Score:1)
If you "unsubscribe" a few hundred email addresses in parallel, you can even /. a spammer's server and make it quite impossible for spam victims to order penis enlargement pills.
Used Car Salesmen (Score:1, Offtopic)
I am looking into replaceing my '73 Ford Pinto and am considering going to a used car lot rather than a private sale. I know used car salesmen have a bad repuration, but some of them insist they are trustworthy. When a Used Car Salesman says they are telling the truth, can I beleive them?
Answer:
On occasion: yes. As a rule of thumb: don't count on it.
It's the delemma of return business. Sell one that's a lemon and you won't come back to the lot. Sell one that's too good
Even if it works.... (Score:2)
Yes, it works. (Score:1)
Re:Yes, it works. (Score:3, Informative)
[disclaimer: I'm associated with spamgourmet -- if that bugs you, please *don't* follow the link
Re:Yes, it works. (Score:1)
Atleast, that's why I started getting spam. Someone that doesn't like me went and signed me up for them. It seems as though the actual newsletters are legitimate, but then they sell off your address to pr0n and penis pills. The unsubscribe links for the legitimate mailing lists worked, and I've gotten my Mozilla Mail junk filter t
Unsubscribing is a Bad Idea (Score:2)
Unfortunately, the vast majority of spam lists are run by less-than-reputable companies and/or individuals. Unsubscribing from one of their lists will, at best, get you off that one list but then added to a bzillion more (at a premium, too, since you've now confirmed
Re:Unsubscribing is a Bad Idea (Score:2)
I did something similar with a few companies a few years ago. One of the things I found was that a lot of the "We've removed you" is basically bogus. I spent about 2 hours one afternoon entering bogus information into the "unsubscribe email address" box and each time I got a "Your email has be
Re:Your friend? Umm yeah. we believe you (Score:1)
Re:Your friend? Umm yeah. we believe you (Score:1)
Depends on where the spam is coming from (Score:2)
In the case of harvested addresses, this technique probably will not work. But in the case of
I did this, but went a little farther. (Score:1)
1. Follow the unsubscribe instructions given in the spam
2. If no unsubscribe instruction was given(or it wasn't working after a few days) I would follow the links
People not using unsubscribe is a pain in the ass. (Score:2, Insightful)
Each time we send a email out dozens of people call us to bitch about it. We've been accused of "domestic terrorism" more then once. People scream about receiving emails for the last three months. I'd like to ask them why the hell the waited until they waited
Re:People not using unsubscribe is a pain in the a (Score:3, Insightful)
The problem is, there's nothing you can do to assure legitimacy that spammers don't abuse. A good chunk of spam assures you at the bottom of the message that you really
Re:People not using unsubscribe is a pain in the a (Score:2, Interesting)
Hotmail (Score:2)
Since I had considered my hot
Re:Hotmail (Score:2)
Unsubscribing really works . . . (Score:2)
And SCO is really only trying to help Linux.
Oh, and in other news, the Easter bunny really exists!!
Really, truly!!
Filters (Score:1)
I own a domain and provide advertisement free email accounts. Luckily I've never caught a spammer among my users. However, over half of my bandwidth charges each month are from users downloading all the spam they get. I'd think that some of my users would use the blacklisting and spam filter each account comes with, but they don't. If only I could get th
If you have your own domain... (Score:1)
Re:If you have your own domain... (Score:1)
If they send you "legitimate" email after spamming you, that's THEIR loss, not yours.
Spam Unsubscribing is like... (Score:2, Funny)
"Hello, this is John Smith living at 1234 Any Street. I have a lot of valuables and carry a lot of cash on my person, please do not rob me or bugularize my house."
I wrote an unsub script (Score:1)
I also happen to know that clicking the "this is spam" in many ISP webmail clients works as well. Sometimes the email marketer is notified to stop sending email to that address. It all can happen very automatically, and in a way "this is spam" is like a trusted opt out, with penalties if the emailer doesn't listen to requests.
-Jackson
There ARE responsable ones (Score:2)
It all comes down to who you submitted it to, and if they can really be trusted.
Some will share your email, and their 'partners' will also honor remove requests.
The really bad offenders I find are those that try to sell prescription drugs (viagra, etc., and other more generic stuff as well), the dept management/morgage spammers, and that id-10-t that thinks I need another diploma. For the morgage stuff I actually let them call me and tell them their lead finder is a spammer
Playing by their rules (Score:2)
I can't immediately think of any reason why this would be harmful on an individual basis, but over time, with hundreds of spammers being able to claim that I have shown
no (Score:1, Informative)
Does SPAM Unsubscribing Really Work? (Score:1)
For every unsubscribe request, spammers may or may not actually unsubscribe.
Always, attempt to unsubscribe qualifies your address as a validated one.
Spammers always sell validated addresses to other spammers, whether they actually unsubscribed it or not.
Conclusion: after unsubscribe you always recieve more spam than before.
Best strategy is don't touch any spam links. Often they are encoded with uids associatable with your address somewh
BS (Score:2)
I've submitted several slashdot articles (Score:2)
FWIW, 22 minutes after posting to the main page is the record for the first spam to arrive