We all receive too much unwanted email solicitations, warnings, and advertisements. It is frustrating and can be overwhelming to the point of being ridiculous. Some days it feels like an unending barrage of distracting deliveries which requires a constant purging of the inbox. Many such emails include an ‘unsubscribe’ link at the bottom which holds an appealing lure of curbing the flood of email destined for the trash anyways. It can be in very small print, almost unnoticeable, or it may be obvious but be careful. Things are not always as they seem. While attempting to reduce the load in your inbox, it might actually increase the amount of spam, and worst case could infect your system with malware!
Beyond being frustrating, there are risks. Email is a very popular method for unscrupulous marketers, cyber criminals, and online threats to conduct social engineering types of attacks. Spam, phishing, fraud and ransomware are common. So before you click on that ‘unsubscribe’ link, here are a few tips to stay safe.
Tips for using ‘unsubscribe’ in spam emails:
Rule #1: If it is a legitimate company sending the email, use the ‘unsubscribe’ option.
- Make sure the link points back to a domain associated with the purported sender. Legit companies or their marketing vendor proxy will usually honor the request.
Rule #2: If it is a shady company do not ‘unsubscribe’, just delete.
- If your mail service supports it, setup a BLOCK or SPAM rule to automatically filter future messages for these.
- If it is seriously malicious, the ‘unsubscribe’ link may take you to a site preconfigured to infect or compromise your system. This is just another way bad guys get people to click on embedded email links. DON’T FALL FOR IT! It may result in a possible malware infection or system compromise.
- If it is semi-malicious, like a spam monster who will send mail to any address they can find, then clicking the ‘unsubscribe’ link actually tells them this is a valid email address where someone is reading the mail. Which is valuable for them to know as they can sell that email address as ‘validated’ to others and use it for future campaigns. End result: more spam.
Rule #3: Some spam and solicitations don’t offer any ‘unsubscribe’ option.
- Just delete. Probably not a professional company you want to patronize anyways.
- If you are in a work environment, be sure to know and follow your corporate policies regarding undesired email. Many companies have security tools which can inspect, validate, or block bad messages. Additionally, they may have solutions which leverage employees reporting of bad email to better tune such protections.
Remember, if you are not sure the email is legit; don’t open or click anything, and NEVER open any attachments, including PDFs, office documents, HTML files, or any executables. Only open attachments from trusted sources as they can be used by attackers to deliver Trojans which may infect your system with malware, ransomware, or other remote manipulation tools. Cybercriminals often look like real companies with real products. Make email life easier by ‘unsubscribing’ with care and necessary forethought.