We all get emails that we don’t want, and sometimes stopping them can be as easy as clicking “Unsubscribe” at the end of the email. However, some of those links can cause more harm than good. You will end up notifying the sender (in many cases, a spammer) that you are there and your email address is good. Or, even worse, you may even infect your computer with some sort of malware.
Of course, not everyone who sends you email is a spammer and if you know that a sender is trustworthy it’s safe to unsubscribe. Unfortunately, phishing attacks rely on the fact that it’s very, very easy to fake who and where an email has come from, so sometimes it’s all but impossible to be 100% sure who has sent you an email.
Here are 5 reasons why unsubscribing can be a bad idea, whether you do it by sending a reply email or opening an “unsubscribe” web link within an email:
Should you unsubscribe from spam?
No, it won’t help.
It makes your email address more valuable, so you’ll get more spam.
How does it do that?
It confirms that your email is a real email.
It confirms that someone reads messages sent to your email address.
It can expose additional information about you, such as your location.
Malware. Which is worse than spam.
What to do?
Delete, delete, delete.
- You have confirmed to the sender that your email address is both legit and being actively used. If the sender is unscrupulous then the volume of junk email you receive will most likely go up, not down. Worse, now that you have validated your address, the spammer can sell it to his friends. So you are probably going to hear from them too.
- By responding to the email, you have confirmed that you have opened and read it. The sender may now think that you are interested in the subject matter of the email. This is good information for the sender.
- Email replies give info to the senders. If you reply to the sender, either as instructed to unsubscribe or in a direct reply asking the sender to stop emailing you, you may have unwittingly provided them with a lot of information such as where your email server is located, information about your email server, and information about your email client. This type of information is located in the email headers that are sent with the reply.
- If your click opens up a browser window, then you’re giving away even more about yourself. By visiting the spammer’s website you’re giving them information about your geographic location (based on your IP address), your computer operating system, and your web browser. The sender can also put a cookie on your computer which means that if you visit any other websites they own (perhaps by clicking unsubscribe links in other emails) they’ll be able to identify you personally.
- The sender can put malware on your computer. If you visit a website owned by a spammer, you’re giving them a chance to install malware on your computer, even if you don’t click anything. These kinds of attacks, known as drive-by downloads, can be tailored to use exploits the spammer knows you are vulnerable to thanks to the information you’ve shared unwittingly about your computer’s operating system and web browser.
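To make the point about email headers concrete, here is an added example (not part of the original post) that parses a reply and lists what its headers tell whoever receives it. The sample message, its hosts, addresses and IPs are constructed, and `disclosed_by_reply` is a hypothetical helper name.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample of an "unsubscribe" reply as the sender would receive it.
# Every host, address and IP below is made up for illustration.
SAMPLE_REPLY = """\
Received: from mail.example-corp.test (mail.example-corp.test [203.0.113.25])
\tby mx.bulk-sender.test with ESMTPS id abc123;
\tTue, 02 Jan 2024 09:15:04 -0500
Received: from desk-044.example-corp.test (desk-044.example-corp.test [192.0.2.44])
\tby mail.example-corp.test with ESMTPSA id xyz789;
\tTue, 02 Jan 2024 09:15:02 -0500
From: Pat Example <pat@example-corp.test>
To: unsubscribe@bulk-sender.test
Subject: Re: unsubscribe
Date: Tue, 02 Jan 2024 09:15:01 -0500
Message-ID: <5f1c.1704204901@example-corp.test>
User-Agent: ExampleMail/11.2 (Windows NT 10.0; Win64)
X-Originating-IP: [192.0.2.44]

Please remove me from your list.
"""

# Headers that commonly identify the mail client or the sending machine.
CLIENT_HEADERS = ("User-Agent", "X-Mailer", "X-Originating-IP")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def disclosed_by_reply(raw):
    """Return what the recipient of this message can learn from its headers."""
    msg = message_from_string(raw)
    hops = []
    for received in msg.get_all("Received", []):
        text = " ".join(received.split())  # unfold continuation lines
        host = re.search(r"from (\S+)", text)
        ip = IP_RE.search(text)
        hops.append((host.group(1) if host else None,
                     ip.group(1) if ip else None))
    date = msg["Date"] or ""
    return {
        "address_confirmed": parseaddr(msg["From"] or "")[1],
        "timezone_offset": date.split()[-1] if date else None,
        "client": {h: msg[h] for h in CLIENT_HEADERS if msg[h]},
        "relay_hops": hops,  # newest hop first; each relay prepends its header
    }

if __name__ == "__main__":
    for key, value in disclosed_by_reply(SAMPLE_REPLY).items():
        print(f"{key}: {value}")
```

Running it against a copy of one of your own sent messages (saved with full headers) shows what your mail setup would hand over in a reply.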
While we have email filters in place, they are not foolproof. The senders are constantly trying to get around them. We will soon be moving to a new platform that may improve blocking rates, but sometimes you will just have to delete spam that does come through. Please visit the IT Mashup Blog for further information on avoiding phishing attempts and many other security tips.