But if you landed in a mailing list, there are quite high changes that the unsubscribe link is legit.
"Legit" in that it will unsubscribe you from that exact list but not the 100 others they added you to at the same time.
So if you send me a marketing email, it's spam because I didn't ask for it. It may be legal but that doesn't impress me.
But I'm pretty sure that some people who actually signed up on purpose to be on some mailing list just click the spam button not to see them any more, because they are not any more interested, or for whatever other reason.
If you want to get people to click a link in your malicious booby trapped email, then an "unsubscribe" one is high on the list to include. :)
As if there is even single counter-example you should just automatically mark it spam and then email providers should blacklist the domain.
Are you 100% sure you never just signed up for a newsletter and forgot about it?
Are you 100% sure your email didn't end up there in some other way?
I used to send out some newsletters for my website; just a programming blog thingy. It was just a form with a simple program on the server to collect email addresses. Wrote everything myself; no external service or whatnot involved.
I got some pretty aggressive replies about people who insisted that I was spamming them. Did they forget (I didn't send out the newsletter very often)? Did someone typo their email and end up at the wrong person? Did some bot maybe fill in the form and pass the little captcha I added? Who knows. All I know is that there was a legit POST /subscribe request.
And as someone who also worked with spam prevention: it's this kind of stuff that also makes legit spam detection harder than it needs to be. The "Report spam" button is not a "fuck you" button, but unfortunately many people seem to use it as such.
And it took me a minute to find phishing mail with unsubscribe link. Which entirely proves my original point. Sure those sending phishing mails won't stop the mails I probably ordered somewhere?
99% of the time you explicitly unsubscribed from all categories, but the sender just added a new one and helpfully opted you in. So, yes, "fuck you".
For me, I can be pretty sure as I have extensive email archives.
Before claiming I've not signed up for stuff I check them first. :)
No matter how spammy a sender is, an unsubscribe click is a big signal that they don't want to contact that email account again. It takes time and money to warm up a domain, prepare it for outbound email, and keep it from being blacklisted when you're sending out a high volume of mail. The days where someone can just spin up an email server in a couple of minutes and blast hundreds of thousands of people with spam are over. If you don't manage your reputation you'll get blacklisted in a matter of hours. The #1 way as a mailer to manage your reputation is to respect unsubscribe requests.
Yes, clicking the unsubscribe link indicates that there's a real human checking the mailbox. But data resellers have many ways to verify the validity of a mailbox that are more effective than this one. And unlike this one, they don't indicate that the person dislikes receiving unsolicited email. So very few data resellers use unsubscribe clicks as a way to verify email validity, because if they do they'll be polluting their product with the emails of people who are likely to get pissed off by unsolicited mail, report it and get a customer's domain blacklisted. If the data reseller is selling "verified" data that is getting his customers blacklisted - he won't be in business for much longer.
It's worth pointing out that not all unsolicited mail is illegal. There are exceptions carved out in US CAN-SPAM and in other jurisdictions. If you're a business in the US the law is basically that people can send you unsolicited marketing emails whether you like it or not, as long as they provide an unsubscribe link and respect your request if you click it. To not use the mechanism that is explicitly required by the law for your protection is shortsighted.
No, not absolutely.
I presume you are operating under the assumption that most bulk email comes from the big providers like AWS and MailChimp (who in fact uses on SendGrid underneath). And yes, under those circumstances you are correct. Those big firms whose day job is sending "spam" have a huge incentive to ensure you don't outright reject the spam - if they don't the reputation of the IP Address ranges they are sending from get trashed. For example, they go to the trouble of wrapping every link in the email with a redirect via them, so they can monitor what emails from them you are engaging with.
But I have some news for you - the vast bulk of spam does not come from them. Maybe you aren't aware of that because you use an email provider like GMail or Outlook. They stop most of this other spam (which is how we get to the headline). But nonetheless it's there, and if it does sneak through and you click on the unsubscribe link you no only won't be unsubscribed, you confirming your a real human will ensure you will be subscribed to many spam emails.
Plus the link is always at the bottom in a tiny footer.
The mark as spam button has no such issue and hurts the sender to boot.
