There are two schools of thought around unsubscribing from unsolicited emails. Some say do; others say don’t. Recently attackers have been abusing legally required unsubscribe links to lead you to malicious sites. In fact, most hyperlinks in emails get abused over time.
If you had asked me five years ago whether you should unsubscribe, I would have said yes. However, this is no longer the case. The economy of scale is driven by ad revenues, and there are hundreds of hunters for every personal or business dollar you spend. As a result, it’s not effective to unsubscribe in the year 2019.
Why? Because most ads today are part of larger campaigns. Often, these are one-time campaigns, so unsubscribing is pointless. If you see that the footer has “Unsubscribe” and “Manage mail preferences,” the latter may have an “Unsubscribe all” option, too. There is also a chance that when the existing database is updated or a new one purchased, your email will be there again.
When does unsubscribing make sense? Only if you …
- Willingly signed up for the mailing (e.g., a newsletter, Macy’s coupons)
- Recognize the sender and the relevance of the email
- Previously agreed to something and changed your mind
Why shouldn’t you answer the rest? Because …
- Your response will validate to the sender that your address is correct and you opened the email.
- The returned email always leaks information about the software you and your organization use. That gives extra leverage to the malicious actor.
- When you click the “unsubscribe” link, your Web browser will leak details about your computer and software (i.e., your browser and operating system, geolocation through IP, and other sites you visited through a cookie).
- A malicious “Unsubscribe” link can land you on a credential-harvesting website. You should never enter credentials to unsubscribe.
- A malicious link can land you on a nefarious site that installs a drive-by download on your computer.
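
Several of these points can be checked without clicking anything. The following is an added example, not part of the original article: it parses a raw message with Python's standard library and reports, for each unsubscribe link, the host, whether it sits on the sender's domain, whether it uses plain HTTP, and whether the URL already embeds your address. The sample message, its domains and the function names are constructed for illustration; a different host is common with legitimate mailing services, so the output is context, not a verdict.

```python
import base64
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit, unquote

# Constructed sample message; every name and address is a placeholder.
SAMPLE = """\
From: Deals <news@shop.example>
To: alice@corp.example
List-Unsubscribe: <http://trk.mailer.example/u?e=YWxpY2VAY29ycC5leGFtcGxl&c=77>

<a href="https://shop.example/prefs?user=alice%40corp.example">Unsubscribe</a>
"""

def unsubscribe_links(msg):
    # URLs from the List-Unsubscribe header plus body anchors labelled "unsubscribe".
    urls = re.findall(r"<(https?://[^>]+)>", msg.get("List-Unsubscribe", ""))
    anchor = r'<a[^>]+href="(https?://[^"]+)"[^>]*>\s*unsubscribe'
    return urls + re.findall(anchor, msg.get_payload(), re.I)

def embeds_address(url, rcpt):
    # True if the URL carries the recipient address in plain, URL-encoded
    # or URL-safe base64 form (an assumption about common encodings).
    if not rcpt:
        return False
    if rcpt in unquote(url).lower():
        return True
    for token in re.findall(r"[A-Za-z0-9_-]{8,}", url):
        try:
            raw = base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))
        except ValueError:
            continue
        if rcpt.encode() in raw.lower():
            return True
    return False

def triage(raw_message):
    msg = message_from_string(raw_message)
    sender_domain = parseaddr(msg.get("From", ""))[1].rsplit("@", 1)[-1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    report = []
    for url in unsubscribe_links(msg):
        host = (urlsplit(url).hostname or "").lower()
        report.append({
            "host": host, "plain_http": url.lower().startswith("http://"),
            "same_domain": host == sender_domain or host.endswith("." + sender_domain),
            "identifies_you": embeds_address(url, rcpt),
        })
    return report
```

Calling `triage(SAMPLE)` returns one entry per link; both links in the constructed message carry the recipient address, so opening either one confirms that address to whoever runs the server.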
What should you do?
Unless you have a valid reason (see above) to unsubscribe, mark any unwanted emails as spam or junk. Doing so not only deletes the message from your inbox, but also trains your mail system to recognize over time what you consider spam. Unfortunately, we are poisoned by the flood of emails and robocalls due to the lack of regulations and enforcement. More than our credentials, it’s our time they are stealing.
Now that you understand how to recognize spam and unsolicited emails, delete them. Do not use the “Report email” button for easily recognizable spam.