Netiquette IQ Blog of The Day - The Dangers of Unsubscribing to Spam

From Sophos – “Naked Security” by Alan Zeichick on September 4, 2014

5 things you should know about email unsubscribe links before you click

Over 170,000 people are part of the Sophos community on Facebook. Why not join us on Facebook to find out about the latest security threats. Don't show me this again

Hi fellow Twitter user! Follow our team of security experts on Twitter for the latest news about internet security threats. Don't show me this again

Don't forget you can subscribe to the SophosLabs YouTube channel to find all our latest videos. Don't show me this again

Hi there! If you're new here, you might want to subscribe to our RSS feed for updates. Don't show me this again

Already using Google+? Find us on Google+ for the latest security news. Don't show me this again

On LinkedIn? Join the Naked Security discussion group and connect with your peers in the security industry. Don't show me this again

Top of Form

Sorry, something happened and we couldn't sign you up. Please come back later and try again.

Congratulations, you've successfully signed up for our daily news! Check your inbox soon, we've sent you an email.

Sorry, we won't accept that email address. Please try a different address.

We're adding your address to our list...

Don't show me this again

Bottom of Form

We all get emails we don’t want, and cleaning them up can be as easy as clicking 'unsubscribe' at the bottom of the email.

However, some of those handy little links can cause more trouble than they solve.

You may end up giving the sender a lot of information about you, or even an opportunity to infect you with malware.

Of course, not everyone who sends you mail is a spammer and if you know that a sender is trustworthy it’s safe to unsubscribe.

Unfortunately phishing attacks rely on the fact that it’s very, very easy to fake who and where an email has come from so it's all but impossible to be 100% sure who has sent you an email.

Here are 5 reasons why unsubscribing can be a bad idea, whether you do it by sending a reply email or opening an "unsubscribe" web link:

1. You have confirmed to the sender that your email address is both valid and in active use.

If the sender is unscrupulous then the volume of email you receive will most likely go up, not down. Worse, now that you have validated your address the spammer can sell it to his friends. So you are probably going to hear from them too.

2. By responding to the email, you have positively confirmed that you have opened and read it and may be slightly interested in the subject matter, whether it’s getting money from a foreign prince, a penny stock tip or a diet supplement.

That’s wonderful information for the mailer and his pals.

3. If your response goes back via email - perhaps the process requires you to reply with the words "unsubscribe," or the unsubscribe link in the message opens up an email window - then not only have you confirmed that your address is active, but your return email will leak information about your email software too.

Emails contain meta information, known as email headers, and you can tell what kind of email software somebody is using (and imply something about their computer) from the contents and arrangement of the headers.

4. If your response opens up a browser window then you’re giving away even more about yourself. By visiting the spammer’s website you’re giving them information about your geographic location (calculated based on your IP address), your computer operating system and your browser.

The sender can also give you a cookie which means that if you visit any other websites they own (perhaps by clicking unsubscribe links in other emails) they’ll be able to identify you personally.

5. The most scary of all: if you visit a website owned by a spammer you’re giving them a chance to install malware on your computer, even if you don’t click anything.

These kind of attacks, known as drive-by downloads, can be tailored to use exploits the spammer knows you are vulnerable to thanks to the information you’ve shared unwittingly about your operating system and browser.

So how do you avoid unwanted email without unsubscribing?

If the message is unsolicited then mark it as spam.

Marking something as spam not only deletes the message (or puts it into your trash) it also teaches your email software about what you consider spam so that it can better detect and block nefarious messages in the future and adapt as the spammers change their tricks.

This not only helps you, but also everyone else too.

   ============================================

 In addition to this blog, I have authored the premiere book on Netiquette, "Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email". You can view my profile, reviews of the book and content excerpts at:

 www.amazon.com/author/paulbabicki

 If you would like to listen to experts in all aspects of Netiquette and communication, try my radio show on BlogtalkRadio  and an online newsletter via paper.li.I have established Netiquette discussion groups with Linkedin and  Yahoo.  I am also a member of the International Business Etiquette and Protocol Group and Minding Manners among others. I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts and I have been contributing to the blogs Everything Email and emailmonday . My work has appeared in numerous publications and I have presented to groups such as The Breakfast Club of NJ Rider University and  PSG of Mercer County New Jersey.
==========================================