I.e., they didn't know if the spam ever reached an actual inbox until you followed the unsubscribe link.
Same thing with SMS: if the number can’t receive SMS, the system returns an error.
If you’re not sure, using the client-provided unsubscribe link (usually up near the “from” address or subject line) is better than the one in the footer. Inbox providers like Gmail, Microsoft, Yahoo, etc. log these clicks and use them to adjust their filters.
Edit: maybe it’s just that Gmail spam filters work well?
Using it on "enlarge your penis now" type spam isn't, to say nothing of outright phishing of course.
...why?
/s
Same idea with text messages. If I know why I’m getting it, I use the “reply STOP” feature.
If I don’t recognize the sender of an email or text, I mark it as spam or junk. Apple Messages has a nice “delete and report as junk” feature for unwanted text messages.
A nice feature because I've seen all too many times over the decades people report spam on messages from lists I'm quite confident they signed up for.
Just FAANG and fintech. Pretty lousy rule of thumb.
An unsubscribe link in the body of an email can have a confirm step.
In fact if you are serving a B2B audience it is essential that you do, since an increasing number of security services like Barracuda, Fortra, etc. auto-click every link in the email body to check for phishing. If you have one-click unsubscribe links in your email body, those people will be constantly unsubscribed without their knowledge.
I know there’s a vocal contingent here on HN that hates all email, but the reality is that email is heavily used for things that people want.
As a rule of thumb, one-click List-Unsubscribe with List-Unsubscribe-Post headers and a plain opt-out page (with confirmation if you risk such security solutions clicking on them, applicable only in B2B as you say) for the unsubscribe link in the email body.
These links should ideally be personalized (i.e. encode recipient’s email/account ID) so the opt-out page would not even require users to put their emails.
And please keep List-Unsubscribe via mailto as well, some clients may not support HTTPS POST.
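Added example, not part of the thread or any commenter's code: a Python sketch of the setup described in the comments above, with one-click `List-Unsubscribe` / `List-Unsubscribe-Post` headers plus a mailto fallback, a personalized signed link, and an endpoint where a bare GET (a human click or a security scanner's prefetch) only shows a confirm page. The secret, the `lists.example.com` endpoint and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
from email.message import EmailMessage
from urllib.parse import parse_qs, quote

SECRET = b"constructed-demo-key"          # assumption: per-deployment secret
BASE = "https://lists.example.com/unsub"  # assumption: placeholder endpoint


def token(rcpt: str) -> str:
    """HMAC over the recipient so the link is personalized and unforgeable."""
    return hmac.new(SECRET, rcpt.lower().encode(), hashlib.sha256).hexdigest()[:32]


def add_unsubscribe_headers(msg: EmailMessage, rcpt: str) -> str:
    """Set the one-click headers and return the URL for the body link."""
    url = f"{BASE}?r={quote(rcpt)}&t={token(rcpt)}"
    mailto = f"mailto:unsub@lists.example.com?subject=unsub%20{token(rcpt)}"
    msg["List-Unsubscribe"] = f"<{url}>, <{mailto}>"
    msg["List-Unsubscribe-Post"] = "List-Unsubscribe=One-Click"
    return url


def handle(method: str, query: str, body: str, unsubscribed: set) -> tuple:
    """Decide what one request to the unsubscribe endpoint does."""
    q = parse_qs(query)
    rcpt, tok = q.get("r", [""])[0], q.get("t", [""])[0]
    if not rcpt or not hmac.compare_digest(tok.encode(), token(rcpt).encode()):
        return 403, "bad token"
    form = parse_qs(body)
    one_click = form.get("List-Unsubscribe") == ["One-Click"]  # mail client POST
    confirmed = form.get("confirm") == ["yes"]                 # confirm-page button
    if method == "POST" and (one_click or confirmed):
        unsubscribed.add(rcpt.lower())
        return 200, "unsubscribed"
    # GET changes no state, so auto-clicked body links cannot unsubscribe anyone.
    return 200, "confirm page"
```

RFC 8058 also requires the message to carry a valid DKIM signature that covers both headers.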
When I see them spamming me from a dedicated email address I don't even click unsubscribe anymore.
It should be illegal to sign someone up to a mailing list without explicit consent. If I create an account with my email, or provide it as a part of a checkout process, you should not have the ability to sign me up to a mailing list without me explicitly opting in via a dedicated checkbox or button (and it should initialize as un-checked of course).
Breaking the mailing lists into 30 different categories is w/e, but auto opting people in to new categories should also be illegal. Such a scummy dark pattern.
I have no idea how this happened; I just coded a simple form with a basic Turing test ("please enter the number 9 here" works well enough for small sites). Did they forget they subscribed? Did someone else use their email? Did someone typo the email address? Bots? No way for me to know.
I am pretty sure they (the pissed off recipients) have never even visited your site. Their emails had been submitted by persistent fraud groups hammering every possible input 24/7 for their scam and spam ops. I observe such behavior on our apps and sites, even those that you would assume no one is even aware of.
Cloudflare’s Turnstile will help you block 90% of such threats, and the final solution is to double-confirm the subscription - this way you can be pretty sure subscribers are there willingly and have not been put in by crooks.
Nowadays, I would even ditch the email input and force “Subscribe with Google/Apple/xyz” via OAuth to completely mitigate this broken unauthorized newsletter subscription flow.
Even with the best of intentions, somebody with the email address jim@example.com might inadvertently enter kim@example.com. You don’t want to lose Jim and you don’t want to spam Kim. So the outcome of entering an email address in a form should always be “now check your email to confirm”.
Not many, these days. Google does a good job of separating out the actual spam. The vast majority doesn't even go to the spam folder; they just delete it. Dunno what criteria they use but I'd bet most of it is really really obviously bad.
I see some legal commercial email, and if I did in fact do some kind of business with them, I hit unsubscribe and they stop. No harm, no foul.
I see some legal commercial email in my spam folder. I never want it, but I unsubscribe, and again, no harm no foul. My spam folder is down to about one per day. (Plus untold thousands that I never see at all.)
It's surely not perfect and perhaps once or twice a year something genuinely dangerous gets into my inbox. Given the wild wild West that email was until recently I take that calmly. Email was rapidly approaching unusable a decade ago.
"DNSFilter estimates that 1 in every 644 email unsubscribe links is liable to send a user to possibly malicious sites."
hereme888•10h ago
I doubt Gmail will ever offer aliases or similar protections.
Disposal8433•10h ago
> try to count how many times you clicked “Delete” on junk or unwanted inbox messages
I don't understand that sentence in the article though. I click on "report spam" every time because that's what it is, even if it's a legitimate business that I used in the past. They use dark patterns to make you subscribe, but it's not honest, therefore -> spam.
jussaying2•10h ago
Gmail ignores dot characters. y.o.u.r.e.m.a.i.l@gmail.com is equivalent to youremail@gmail.com
eldridgea•10h ago
It ignores periods so you could also use your.address@gmail.com or y.ouraddress@gmail.com or whatever.
Some sites block plus addressing but that's what I use a lot of the time.
2bluesc•10h ago
yourname+servicename@gmail.com
From my experience, many (bad) websites consider "+" an invalid character and prevent you from using the address in this form.
Smart spammers can just strip the service name since it works the same for all Gmail users.
Really need dedicated addresses like Fastmail's Masked Addresses.
danaris•8h ago
I would guess that that's pretty rare, as not many people know about this trick.
bitmasher9•9h ago
I have anecdotal evidence inside my own inbox that this behavior is happening. You aren’t buying security from anything but the lazy and ignorant spammers.
ProllyInfamous•10h ago
You can then immediately isolate any bad actors, and don't have to rely upon a `+` sign (easily filtered) to "differentiate" email addresses. More-commonly-used logins can then be preliminarily filtered to separate internal email accounts (e.g. known-junk can be sent to rarely-accessed account; family contacts can be sent to notifications).
cobbzilla•9h ago
It's easy to generate random new @duck.com aliases for the primary.
I have a browser plugin (mobile and desktop) that recognizes email form fields and offers to generate a new random @duck.com alias for the field.
When an alias starts to receive spam, I disable it.