Subscribe to the Free Print Edition!
Celebrating 25 Years

GCN Home > 06/01/04 web stories

Unsubscribe links: Spam killer or sucker list?

By William Jackson, GCN Staff

Federal law requires e-mail advertisements to include unsubscribe or opt-out links so that recipients can avoid receiving future messages.

The Federal Trade Commission, charged with enforcing these laws, would like for recipients to use these links to reduce the volume of spam. But the common wisdom among systems administrators and security experts is that you should never—ever—respond in any way to spam. It only encourages them.

It turns out that the security experts are right, at least part of the time.

Lashback LLC of Millstodt, Mo., offers an anti-spam product that filters and blocks unwanted e-mail. The company also has been building a database of how reliable the unsubscribe mechanisms on the spam it collects are.

“We’ve found that about 10 to 15 percent of the mechanisms are not trustworthy,” said W. Brandon Phillips, president of Lashback.

Some of the links simply don’t work, and others are used to verify that the recipient’s e-mail address is “live.”

Some spammers do not even pretend to offer unsubscribe links.

The federal anti-spam law, Controlling the Assault of Non-Solicited Pornography and Marketing Act, which went into effect this year, specifically requires some form of opt-out mechanism. And the Federal Trade Commission Act, which prohibits deceptive advertising, while not requiring unsubscribe links, already required that any links included in e-mails actually work.

Most people rely on filters of some kind rather than opting out of spam lists. Lashback offers an alternative. The application integrates in Microsoft Outlook and Outlook Express clients. When spam makes it through the filter, a button on the tool bar automatically sends offending e-mails to Lashback, where they are blocked based on a series of features.

There is also an automated search for unsubscribe mechanisms, which the company uses to send a “seed.” It then monitors the results from that request.

The surprise was that only 15 percent of the links are bogus.

“A lot of people are trying to do it right,” Phillips said.

But that does not mean using an unsubscribe link in spam is a good idea.

“It’s not odds I’d like to take,” Phillips said. Because the 10 to 15 percent who are abusing the link often are the most obnoxious spammers. “These are people who are not even trying to play by the rules.”



More news on related topics: IT Security



GCN Popup