Yes, phishing exists. Yes, malicious links are out there. And no, you take my advice to mean that now it's safe to start clicking on all the links in suspicious email messages. But I hate that the potential takeaway for everyday users is effectively "never click the unsubscribe link." That line of thinking leads people to ignore legitimate unsubscribe options and continue receiving mail they don't want. Which helps no one.
Here's my take.
If You Know the Sender, It's Probably Fine
If the email is from a sender you recognize -- something you signed up for, or at least a company or platform you've heard of -- the unsubscribe link is almost always safe. And lots of email platforms include list-unsubscribe headers, which allow your mail client (like Gmail or Apple Mail) to offer a built-in unsubscribe button. These often process the unsubscribe without even taking you to a website.
Thankfully, the WSJ article does touch on list-unsub and recommends that users utilize it. Yay! But…
Gmail Doesn't Help Senders Remove Complainers
Here's what the article doesn't mention. When you click "report spam" in Gmail (as recommended), that signal stays inside of Google. Gmail does not send individual feedback loop reports that would allow the sender to automatically unsubscribe you. So if you're thinking that reporting spam is the same thing as unsubscribing, it's not. The mail will keep coming.
Compare that to Yahoo or Microsoft, both of which do have feedback loop mechanisms that let email send platforms (ESPs, CRMs, newsletter platforms, etc.) register for and receive individual spam reports back for all (or most) individual spam reports. When you mark something as spam there, legitimate senders are usually notified and often unsubscribe you right away. They know that the goal there is not to keep shoveling mail to somebody who is unhappy enough about their mail to have clicked the "this is spam" or "report spam" button.
Bad Actors Don't Need the Unsubscribe Click
If someone is trying to phish or drop malware, they're probably not waiting for you to click the unsubscribe link. They'll put the malicious content right in front of you, disguised as a fake invoice or some kind of urgent alert. Clicking any link in that kind of message is risky, not just the unsubscribe one.
The idea that clicking unsubscribe tells them you're a real person is technically true, but that alone doesn't matter much. If a message looks shady, just don't engage. But if it's clearly from a legit sender, unsubscribing is the easiest way to stop future messages.
Practical Advice
If the sender is familiar or you know you signed up for it: use the unsubscribe link.
If it's unfamiliar, suspicious, or weird: mark it as spam.
Use your email client's or webmail's built-in unsubscribe option when available.
Don't be afraid to unsubscribe from legit mail. It helps both you and the sender. It's good feedback to help good senders stay good senders, and can warn platforms when senders aren't so good.
TL;DR? Blanket advice like "never click unsubscribe" confuses people. Be skeptical when appropriate, but don't let fear override common sense.
Learn More
In this very timely article from Chad White, he guides, and shares a great chart, breaking down when and how best to make different kinds of email cease. Should you unsubscribe, or report spam? It depends, and Chad explains.
The Wall Street Journal recently ran a piece warning readers not to click unsubscribe links in emails. The idea is that these links are sometimes traps used by bad actors to harvest information, confirm live addresses, or serve up malware. That's not entirely wrong, but it's overstated.
Yes, phishing exists. Yes, malicious links are out there. And no, you take my advice to mean that now it's safe to start clicking on all the links in suspicious email messages. But I hate that the potential takeaway for everyday users is effectively "never click the unsubscribe link." That line of thinking leads people to ignore legitimate unsubscribe options and continue receiving mail they don't want. Which helps no one.
Here's my take.
If You Know the Sender, It's Probably Fine
If the email is from a sender you recognize -- something you signed up for, or at least a company or platform you've heard of -- the unsubscribe link is almost always safe. And lots of email platforms include list-unsubscribe headers, which allow your mail client (like Gmail or Apple Mail) to offer a built-in unsubscribe button. These often process the unsubscribe without even taking you to a website.Thankfully, the WSJ article does touch on list-unsub and recommends that users utilize it. Yay! But…
Gmail Doesn't Help Senders Remove Complainers
Here's what the article doesn't mention. When you click "report spam" in Gmail (as recommended), that signal stays inside of Google. Gmail does not send individual feedback loop reports that would allow the sender to automatically unsubscribe you. So if you're thinking that reporting spam is the same thing as unsubscribing, it's not. The mail will keep coming.Compare that to Yahoo or Microsoft, both of which do have feedback loop mechanisms that let email send platforms (ESPs, CRMs, newsletter platforms, etc.) register for and receive individual spam reports back for all (or most) individual spam reports. When you mark something as spam there, legitimate senders are usually notified and often unsubscribe you right away. They know that the goal there is not to keep shoveling mail to somebody who is unhappy enough about their mail to have clicked the "this is spam" or "report spam" button.
Bad Actors Don't Need the Unsubscribe Click
If someone is trying to phish or drop malware, they're probably not waiting for you to click the unsubscribe link. They'll put the malicious content right in front of you, disguised as a fake invoice or some kind of urgent alert. Clicking any link in that kind of message is risky, not just the unsubscribe one.The idea that clicking unsubscribe tells them you're a real person is technically true, but that alone doesn't matter much. If a message looks shady, just don't engage. But if it's clearly from a legit sender, unsubscribing is the easiest way to stop future messages.
Practical Advice
- If the sender is familiar or you know you signed up for it: use the unsubscribe link.
- If it's unfamiliar, suspicious, or weird: mark it as spam.
- Use your email client's or webmail's built-in unsubscribe option when available.
- Don't be afraid to unsubscribe from legit mail. It helps both you and the sender. It's good feedback to help good senders stay good senders, and can warn platforms when senders aren't so good.
TL;DR? Blanket advice like "never click unsubscribe" confuses people. Be skeptical when appropriate, but don't let fear override common sense.Learn More
Comments
Post a Comment
Comments policy: Al is always right. Kidding, mostly. Be polite, please and thank you.