Not really true. Many spams (at least in the past) used to include an unsubscribe link, either for faked-legal-compliance, to give some illusion of legitimacy of the mail/originating company to the recipient, and/or to track who is actually receiving them.
But if you landed in a mailing list, there are quite high chances that the unsubscribe link is legit.
Totally true, but sometimes people just want to unsubscribe to a mailing list they got in because they forgot to uncheck the box "send me promotions" when buying something online, or maybe they even signed up on purpose in the past. Still, some of these just mark the mails as spam not to get them any more.
The unsubscribe link is legit, but how did I end up on the list? I've never ever signed up for something with the goal of receiving marketing emails. I've never given explicit permission to receive marketing emails.
So if you send me a marketing email, it's spam because I didn't ask for it. It may be legal but that doesn't impress me.
If you ended up on the list without signing up, well I wouldn't blame you for clicking the "Report spam" button, because that's what it is.
But I'm pretty sure that some people who actually signed up on purpose to be on some mailing list just click the spam button not to see them any more, because they are not any more interested, or for whatever other reason.
I wish you were right, but that is not the case, sadly. I could give you several examples but here's one: there was a comment on HN a little while ago [1] about a spammer by the name of whitehallmedia. Every single email they send has an unsubscribe link. Clicking it (I used a test email account.) does not have the effect that one might expect.
Are you 100% sure you never just signed up for a newsletter and forgot about it?
Are you 100% sure your email didn't end up there in some other way?
I used to send out some newsletters for my website; just a programming blog thingy. It was just a form with a simple program on the server to collect email addresses. Wrote everything myself; no external service or whatnot involved.
I got some pretty aggressive replies about people who insisted that I was spamming them. Did they forget (I didn't send out the newsletter very often)? Did someone typo their email and end up at the wrong person? Did some bot maybe fill in the form and pass the little captcha I added? Who knows. All I know is that there was a legit POST /subscribe request.
And as someone who also worked with spam prevention: it's this kind of stuff that also makes legit spam detection harder than it needs to be. The "Report spam" button is not a "fuck you" button, but unfortunately many people seem to use it as such.
With email spam it has long been proven that the best way to act is to treat all actors as malicious, as there are enough malicious actors around.
And it took me a minute to find a phishing mail with an unsubscribe link. Which entirely proves my original point. Sure those sending phishing mails won't stop the mails I probably ordered somewhere?
> Yeah no. Emails which include an unsubscribe link are legit enough to not do that. Actual spammers don't bother to include an unsubscribe link.
I found a phishing email with an unsubscribe link. Thus I think we can generalize that emails containing unsubscribe in general are not legit nearly enough of the time to trust that. Thus the only correct and safe way is to mark them as spam and let the email provider eventually handle them correctly for everyone.
Collateral damage is by definition damage to innocents – people who have done nothing wrong.
As I mentioned before, even with the best of intentions people can "construe your email as spam".
People mark emails as spam as "fuck you". Bad support? Spam! Argument with a friend? Spam! Yes, people really do this.
People can abuse your platforms in ways you didn't foresee: either an outright security flaw or a "logic flaw" (e.g. on one system I worked on, the rate-limiter could be bypassed by using Cc, which was of course quickly solved, but people did unfortunately use it to send out spam).
If you have any sort of "sign-up", even if paid only, people will try to abuse it to send spam.
People's computers get hacked, and while botnet spam is less of an issue due to residential ISPs blocking SMTP traffic, abusing the hacked machine's Outlook or whatnot still happens.
There's tons of cases where regular well-intentioned people send out spam. Anyone who claims any different has never seriously worked on any kind of anti-spam system with real-world usage. If this was an easy problem it would be a solved problem, but it's not, because it's a hard problem.
You're absolutely incorrect about this. What you're saying may have been true a long time ago but it's 100% wrong now. In 2023/2024 you should click unsubscribe links.
No matter how spammy a sender is, an unsubscribe click is a big signal that they don't want to contact that email account again. It takes time and money to warm up a domain, prepare it for outbound email, and keep it from being blacklisted when you're sending out a high volume of mail. The days where someone can just spin up an email server in a couple of minutes and blast hundreds of thousands of people with spam are over. If you don't manage your reputation you'll get blacklisted in a matter of hours. The #1 way as a mailer to manage your reputation is to respect unsubscribe requests.
Yes, clicking the unsubscribe link indicates that there's a real human checking the mailbox. But data resellers have many ways to verify the validity of a mailbox that are more effective than this one. And unlike this one, they don't indicate that the person dislikes receiving unsolicited email. So very few data resellers use unsubscribe clicks as a way to verify email validity, because if they do they'll be polluting their product with the emails of people who are likely to get pissed off by unsolicited mail, report it and get a customer's domain blacklisted. If the data reseller is selling "verified" data that is getting his customers blacklisted - he won't be in business for much longer.
It's worth pointing out that not all unsolicited mail is illegal. There are exceptions carved out in US CAN-SPAM and in other jurisdictions. If you're a business in the US the law is basically that people can send you unsolicited marketing emails whether you like it or not, as long as they provide an unsubscribe link and respect your request if you click it. To not use the mechanism that is explicitly required by the law for your protection is shortsighted.
I presume you are operating under the assumption that most bulk email comes from the big providers like AWS and MailChimp (who in fact uses SendGrid underneath). And yes, under those circumstances you are correct. Those big firms whose day job is sending "spam" have a huge incentive to ensure you don't outright reject the spam - if they don't, the reputation of the IP address ranges they are sending from gets trashed. For example, they go to the trouble of wrapping every link in the email with a redirect via them, so they can monitor what emails from them you are engaging with.
But I have some news for you - the vast bulk of spam does not come from them. Maybe you aren't aware of that because you use an email provider like GMail or Outlook. They stop most of this other spam (which is how we get to the headline). But nonetheless it's there, and if it does sneak through and you click on the unsubscribe link you not only won't be unsubscribed, your confirming you're a real human will ensure you will be subscribed to many spam emails.