Should you Unsubscribe from SPAM?

A reprint from the PC410 Security Newsletter:

Sometimes, yes. Sometimes, no. Here’s how to tell the difference, and why.

First, definitions: SPAM is unsolicited, untargeted email, generally selling something. It’s named after an old Monty Python’s Flying Circus sketch that featured a restaurant with vikings that repeatedly burst into song, singing about Spam, the meat product. They’re still doing it here:


The Monty Python SPAM sketech on YouTube
(And as the Monty Python credits would say: now for something completely different…)

Spam HamThere’s also HAM, which is targeted commercial email, or email that is pointed at someone who is a possible purchaser. A lot of this is completely legitimate, difficult to filter out, and safe to unsubscribe from. Most junk mail that gets past spam filters is ham, and much of the ham can be removed from your daily email.

Don’t Try to Unsubscribe from Everything

If the sender’s email in a spam is an address that has nothing to do with the product, it was probably sent out from a BotFarm of infected computers using stolen email services. Any reply to that just goes to the email server used by the infected computer. Don’t send replies; the owners of those systems have enough problems already–thousands of bounces and “I’m out of the office until…” messages are already clogging their systems. And don’t click any unsubscribe links in those messages, either; they’re either confirming that you read the message, so they can send more spam, or they will go nowhere. Just delete these messages.

If the sender is an actual company that you’ve done business with, and the unsubscribe link is to their own web address, or to a known good newsletter company, yes, click the link and unsubscribe. The best-known newsletter companies are Constant Contact, MailChimp, and MadMimi, and they take spam very seriously, and will honor your unsubscribe requests.

Some of the worst offenders are retail stores, and these are safe to try and unsubscribe from, but unless they’re using a service, their actual removal process may take weeks, or may not actually succeed. Resorting to a phone call is unlikely to work; contact your email provider for a block if the volume of HAM from any one company is annoying.

And a reminder: Float the mouse over a link, without clicking, and the destination should appear at the bottom of the screen. If it’s not going where you expect it should, it’s either evil, or it was sent by someone who doesn’t care about security. Just delete it and move on.