We’ve proved it. As long suspected and advised by many internet users, “unsubscribing” from spam mailing lists usually just buys you more trouble.
US legislation passed earlier this year, the so-called CanSpam Act*, requires email mass-marketers to append “a functioning return email address to which a recipient may send a reply to indicate a desire not to receive further email from that sender”.
It also makes it an offence for the sender to send more mail once a rejection message has been received.
Much spam does now have such an address, or website link, but even if this does function, a large body of opinion says a return email merely confirms that the address is valid and “live”, encouraging further spam from the original sender and its affiliates.
Computerworld conducted an exercise as near as we could conceive to a scientific experiment. We set up two addresses at mail.com and used both carelessly and identically; entering the same websites with the address stored in the browser or related mail client, signing up to a few “free information through your email” services and making several Usenet newsgroup postings across local and international groups with the addresses in plain view.
Everything done with one address was also done with the other -- including an embarrassing moment when this reporter left one of the dummy addresses in the news client while making several “serious” posts. A counterpart had to be posted with the other address for every one.
Within three days of our laying the bait the spam started to flow. It wasn’t identical at each address, but a large majority of the messages and senders were the same.
We then set about religiously unsubscribing from the invitations sent to one of the addresses, but not those sent to the other.
We’ve had it running for three weeks at date of writing and more than twice the volume of spam has come back to the “unsubscribed” mailbox as to the untouched one. This proportion is somewhat exaggerated by spammers’ tendency to send multiple copies of the same message. Thanks, but no thanks to the record-holder: four copies inside an hour from email@example.com, which had the cheek to attribute its posts to digital certificate specialist VeriSign. Another four naturally followed after we’d “unsubscribed”.
Also notable was the spammer who returned a large HTML form saying “you requested to unsubscribe from our ‘sporting goods’ category; which of these other [30-odd] services do you also wish to unsubscribe from?” A column of ticked boxes followed, to be painstakingly unticked. The exercise achieved no detectable result.
We appear to be relatively unpestered in this country. Despite posting the dual addresses in several nz. newsgroups and exposing them to local websites, we received not one piece of spam from an identifiably New Zealand address.
* The full title of the US legislation is the Controlling the Assault of Non-Solicited Pornography And Marketing Act.