When you get on a mailing list you don't want to be on, it's easy to get off – just click on the "unsubscribe" link. But should you? Sophos Naked Security says maybe not. When you unsubscribe, you're giving the organization that sent you the message information about yourself that you may not want them to have:
1. You have confirmed to the sender that your email address is both valid and in active use.
If the sender is unscrupulous then the volume of email you receive will most likely go up, not down. Worse, now that you have validated your address the spammer can sell it to his friends. So you are probably going to get phishing attacks from them too.
2. By responding to the email, you have positively confirmed that you have opened and read it and may be slightly interested in the subject matter, whether it’s getting money from a foreign prince, a penny stock tip or a diet supplement.
That’s wonderful information for the mailer and his pals.
3. If your response goes back via email - perhaps the process requires you to reply with the words "unsubscribe," or the unsubscribe link in the message opens up an email window - then not only have you confirmed that your address is active, but your return email will leak information about your email software too.
Emails contain meta information, known as email headers, and you can tell what kind of email software somebody is using (and imply something about their computer) from the contents and arrangement of the headers.
4. If your response opens up a browser window then you’re giving away even more about yourself. By visiting the spammer’s website you’re giving them information about your geographic location (calculated based on your IP address), your computer operating system and your browser.
The sender can also give you a cookie which means that if you visit any other websites they own (perhaps by clicking unsubscribe links in other emails) they’ll be able to identify you personally.
5. The most scary of all: if you visit a website owned by a spammer you’re giving them a chance to install malware on your computer, even if you don’t click anything.
These kind of attacks, known as drive-by downloads, can be tailored to use exploits the spammer knows you are vulnerable to thanks to the information you’ve shared unwittingly about your operating system and browser.
So how do you avoid unwanted email without unsubscribing?
If the message is unsolicited then mark it as spam.
Marking something as spam not only deletes the message (or puts it into your trash) it also teaches your email software about what you consider spam so that it can better detect and block nefarious messages in the future and adapt as the spammers change their tricks.
This not only helps you, but also everyone else too. (Hat Tip to Sophos )
