[HN Gopher] How does the Gmail unsubscribe button work? ___________________________________________________________________ How does the Gmail unsubscribe button work? Author : jivings Score : 290 points Date : 2020-05-29 15:14 UTC (7 hours ago) (HTM) web link (blog.leavemealone.app) (TXT) w3m dump (blog.leavemealone.app) | somurzakov wrote: | is there a way to unsubscribe from junk mail in my physical | mailbox owned by USPS ? | phantom784 wrote: | https://dmachoice.thedma.org/ but it costs a few dollars. | | You can also contact the company directly and ask to be removed | from their list. | 0x0 wrote: | If I get spam mails on lists I never signed up for, I either hunt | down the X-Abuse header and report there (if they use a reputable | bulk mailing service), otherwise I just paste the entire email on | members.spamcop.net | inetknght wrote: | > _if they use a reputable bulk mailing service_ | | If they use a reputable bulk mailing service instead of using | their first-party domain then they are indistinguishable from a | phishing attack. | judge2020 wrote: | No, a reputable bulk mailing service can still send from | their customers' principal domains with spf/dkim set up to | include that service's info. | inetknght wrote: | > _No, a reputable bulk mailing service can still send from | their customers ' principal domains with spf/dkim set up to | include that service's info._ | | Tell that to the links in the email that go to the | reputable service's click aggregation service. | BGZq7 wrote: | > If they use a reputable bulk mailing service instead of | using their first-party domain then they are | indistinguishable from a phishing attack. | | With most bulk mailing services, the message will come from | the "first-party domain". They will have configured that | service as a legitimate sender for the domain via SPF/DKIM | DNS records. | inetknght wrote: | > _With most bulk mailing services, the message will come | from the "first-party domain". They will have configured | that service as a legitimate sender for the domain via | SPF/DKIM DNS records._ | | It's not just the from:marketing@firstparty.com that I'm | talking about. If the unsubscribe link does not _also_ go | to firstparty.com, then it 's still indistinguishable from | phishing. | [deleted] | pm90 wrote: | It's really amusing to me that the top comments on this posts | seem to be HN users complaining about spam and if this button is | useful or not. | | I had to dive into this a bit for something and work and it's | just fascinating how much effort has been spent in trying to | combat spam, build a reputation based system for emails etc. And | this article does an amazing job of explaining list- | unsubscribe...although the RFC is pretty easy to read too! | gws wrote: | I follow these rules: | | 1) if I never signed up goes immediately to SPAM | | 2) if I did signed up I make the effort of going through their | unsubscribe procedure | | 3) if I still get emails after (2) goes to SPAM | nikeee wrote: | I follow a similar procedure, with one more step: | | 1) If I never signed up goes immediately to SPAM. | | 2) If I did signed up I make the effort of going through their | unsubscribe procedure. | | 3.1) If I still get e-mails after (2), I file a request for my | personal data under the GDPR (EU citizen here). | | 3.2) Once I got that, I use the GDPR to delete all of the data | associated with my account / e-mail address. | | 4) If I still get e-mails after (3), it goes to SPAM. | | With step 3, I hope that I can make them notice their bad | behaviour. My goal is to drive up the costs of that behaviour | (so they get incentivised to change it). Also, I'm generally | interested in the personal data that a service has associated | with me. | londons_explore wrote: | Nearly any business that gets more than a handful of GDPR | requests has fully automated it. | | It costs them nothing to process your request - you're | wasting far more of your time crafting the request than of | theirs. | nikeee wrote: | In the few cases that got a GDPR request, I actually talked | to humans. Also, a human has to read my mail in the first | place. | | Note that I'm also doing this because I'm interested in the | data, so its much less waste of time. | psadauskas wrote: | I have these rules: | | * Message body contains "unsubscribe" -> Skip inbox, archive | | * Message body contains "webinar" -> Skip inbox, mark as spam | pvarangot wrote: | I try to do that, but a lot of legitimate services send me | mails because someone else trying to sign up with my email and | they don't do verification right. Part of the problem is having | a very simple Gmail address, but also another part of the | problem is that companies think that since someone tried to | validate my email as theirs now they can spam it. | gws wrote: | Yeah, it drives me insane, once someone used my email to | sign-up on eBay and started buying sex toys. Can't believe | eBay didn't do email verification. I was at work and started | getting emails like congratulations, your dildo is on its | way, with pictures. | dweekly wrote: | http://help.mail-list.com/m/59114/l/558254-rfc-2369-list-uns... | | There's and RFC for List-Unsubscribe headers. | meritt wrote: | I just mark as spam. Too many unsubscribe links want me to type | in my email address, ain't nobody got time for that. | | If it's a newsletter I actually signed up for, I respect that and | will unsubscribe, but the majority is unsolicited spam where a | company feels is OK because I happened to have bought a product | they can now email me 8 times a day. | numakerg wrote: | My naive suggestion. "Hard" unsubscribe button that tosses all | future emails from this list in the trash and mails the sender a | note that the address has unsubscribed from this list and all | future emails will be ignored. | | Gmail has over a billion active users. Mailing lists will | probably adapt to whatever crumbs Google leaves on the doorstep. | throwawaysea wrote: | The worst are emails that require a login or other input | information on their unsubscribe page, or ones where the mobile | unsubscribe page does not work. I report these as spam just so | they are punished for the dark pattern, but I think these might | also be violations of the CAN SPAM act. | tregsthedev wrote: | Nice Post. | boltzmannbrain wrote: | It doesn't. | zitterbewegung wrote: | Anyone know how the macOS / iOS unsubscribe button works? | jivings wrote: | It's probably very much the same! | [deleted] | seph-reed wrote: | So what's wrong with hitting spam? | [deleted] | gumby wrote: | When you ark it as spam it helps train google's spam fighting | that mail like that is spam. | | Now if it's unsolicited stuff -- SPAM -- no problem. But if | it's a list you once signed up for and now no longer want, | you're telling google -- for everyone -- that mail like that is | spam. Even people who signed up for it (like you did) and still | want it. That's unfair to the company and unfair to all those | other people too. | | But someone randomly blasting you with crap as is the usual | case (and I includes that company you once did business with | and who signed you up without your permission): that's what the | spam button is for. | NikolaeVarius wrote: | It clutters up spam | macspoofing wrote: | Especially since in many instances, you don't actually want a | dialogue with the spammer. I don't want to 'unsubscribe' myself | given that I didn't 'subscribe' myself in the first place. | Also, why would I let the spammer know that I read the email | and my email is active? | jagged-chisel wrote: | In this case, you're doing the right thing: you didn't ask | for it, it's spam. Presumably, you classifying it as spam | helps the spam filter learn and apply that knowledge to | others' inboxes, too. | nickthegreek wrote: | They still come to me when I hit spam, and the unsubscribe | button doesn't always work either. I still find myself using | the distributors unsubscribe button most of the time. | guptaneil wrote: | For the mailing list owner, it's bad because then their emails | are more likely to end up in the spam folder for other | subscribers too. | MereInterest wrote: | For the mailing list owner, that's a risk that comes with | sending out spam. If I have no prior relationship with a | company, then I have no reason not to mark an email as spam. | If I have a prior relationship with a company, but they are | sending out unrequested emails, then I should mark it as | spam. For example, if an email address is provided for | package delivery updates, but is then used for unrequested | periodic advertisements, that is spam. | guptaneil wrote: | What if it's a mailing list you signed up for but lost | interest in? | MereInterest wrote: | In that case, I do have an obligation to unsubscribe | rather than reporting the email as spam. I view the | "report spam" button as a form of punishment, meant to | disincentivize bad behavior. Misuse of email addresses | should come with the risk of having all emails marked as | spam. Losing interest in a mailing list that previously | interested me is an expected result over time, and would | not be appropriate to report as spam. | hundchenkatze wrote: | Yes, but GP was asking about consequences of clicking the | spam button vs just unsubscribing. Sure if you start | getting unsolicited emails, by all means click that Spam | button. However, if you're just tired of getting delivery | updates just unsubscribe. | ocdtrekkie wrote: | This is why I'm glad I use an email service with a | personalized spam filter. Gmail's spam filter too heavily | assumes one person's spam is everyone's spam. | | Whereas mine is pretty reliably never sending false positives | to my spam folder. Fastmail wins again. | notyourwork wrote: | Spam is spam. The sad state of things is that people are | bombarded with garbage, exponentially worse than the physical | mail system used to be. | | The engagement and conversion rate on email is so low that | the volume continually increases to convert further. | guptaneil wrote: | What about a mailing list you signed up for and enjoyed at | first, but lost interest after one year? Was that email | always spam? Is it spam now? | | Not all messages that get put into the spam folder are | actually spam. There's a wide variety of emails that aren't | spam, but also aren't necessarily wanted anymore either. | Those are the ones this article is focusing on. Make it | easy for your readers to unsubscribe so they don't call you | spam. | antsar wrote: | > exponentially worse than the physical mail system used to | be | | Really? Ignoring the "Spam" folder (which I never check), I | get _way_ less junk email than snail mail. And the snail | mail is reliably 95% unsolicited garbage. | | To be fair, Fastmail lets you set rules to route stuff to | Junk, whereas USPS actively facilitates routing garbage to | your mailbox [0]. | | [0] https://www.usps.com/business/advertise-with-mail.htm | JshWright wrote: | I generally click "unsubscribe" in the email, then if I have | to do more than click a big, obvious confirmation button on | that page I close the tab and flag it as spam. | eli wrote: | Fun fact: at least in the US, the CAN-SPAM law is actually | pretty specific about how unsubscribe pages work. If it | requires more than typing your email address and clicking a | button then it is probably not compliant. | choward wrote: | Why are they even allowed to make you type your email | address? I used different email addresses for everything | I sign up for so I have to go back to the email to see | what I used. Very inconvenient. | eli wrote: | It's not a great law and it was passed almost two decades | ago. This is actually one of the parts they got mostly | right. | jivings wrote: | Personal preference, but I feel like unsubscribing or hitting | spam is you sending your sentiment back to the sender in two | different ways. | | If you unsubscribe you're saying that you're no longer | interested in the list, you see the merit but don't want to | receive it any more for whatever reason. | | If you hit spam you're saying this email should never have come | to me, or I don't want to expend the effort to stop it from | coming to me. | | If the sender makes unsubscribing as easy as hitting spam (by | making sure the Gmail unsub button works for example) then they | make it more likely for their recipients to send the | appropriate feedback - ie not hit the spam button. | eli wrote: | Github notifications that you signed up for but now don't want | any more aren't spam. | | Marking them as spam messes with Github's deliverability to all | GMail users and may prevent you from getting notifications in | your inbox in the future if you decide to sign up again. | joombaga wrote: | Should I be concerned with how Google treats my signal | globally? Honest question. If I were Google I'd recognize | that how the email is stopped before getting to a user's | inbox probably won't matter to them and factor that into how | the unsubscribe and mark as spam buttons work. As a user I | expect my treatment of "mark as spam" on a GitHub | notification to be more heavily weighted in my personal spam | algorithm than the global spam algorithm. | eli wrote: | I don't think anyone outside Google knows the exact | details, but GMail clearly calculates a global reputation | score for each sender that is influenced by what percentage | of recipients mark its messages as spam. Then there's some | additional weighting on top of that based on your personal | actions. | | Additionally most reputable email senders have a "feedback | loop" set up with Google, Hotmail, and Yahoo where clicking | that Report Spam button actually passes your email address | back to the sender's email system. For example if you click | Report Spam on one of our email newsletters in GMail, we | will flag your record in our database and not send you any | more messages even if you specifically sign up for a | newsletter in the future. (Please don't test this.) | amelius wrote: | Because Google trains its spam filters on user feedback. | | If people start unsubscribing by hitting spam, then those users | who still want to receive the mailing may have to search for it | in their spam boxes. | silviogutierrez wrote: | I try to be reasonable here. If it's something from a business | I transacted with in the past or recognize the name, I will | unsubscribe. I don't consider it spam. And I don't want to hurt | their reputation. | | I do keep track of if I already unsubscribed from a related | list. Sometimes "unsubscribe from all" is completely ignored. | Which really angers me. | | If it's a random, clearly bought newsletter list from a related | list, it depends on my mood. Likely spam. | | Other notorious example: business A founder also founds | (unrelated) business B. They just email their entire A client | base with zero association to A. Big peeve of mine. | | -- Edits (some more ramblings) -- | | My personal favorite: the "I want to receive marketing email" | checkbox that rechecks if you have an unrelated issue with your | transaction. Say, invalid CC details. | | Still, even with these boxes, I think my standard is just: "I | did business with them, I will get at least 1 marketing email. | I'm ok with that. I will unsubscribe and not hear from them | again." Anything past that is unacceptable. | | To be clear: that's not how I think it should be. It's just how | businesses, even small, genuine mom and pop shops, have been | taught to operate. It's cultural. It reminds me a lot of | tipping in the US. I'm vehemently anti-tipping "culture" | because a standard 20% is the opposite of rewarding for | performance. But I still tip at a baseline of 18%+. | | It's too ingrained. And I'm not going to protest by not tipping | and try to change it. | | I think we've come too far unless changed by law or restaurant | management. Same goes for marketing emails. | Swizec wrote: | > Sometimes "unsubscribe from all" is completely ignored. | Which really angers me. | | I have a big problem with this and never know what to do. | | Person buys my course after following newsletters for a | while. All good. | | I put them on a followup list that helps guide them through | the course and keep them on track. All good. | | They get a newsletter they don't like and unsubscribe. | | Now they stop getting followup guidance emails for the | course. This is a problem. Almost certain not what they | wanted to happen either. But okay I honor it. | | A while later I make a huge update to the course or migrate | to a new platform. I need to tell every buyer that their | account is moving. But some have unsubscribed from all | emails. | | Do I add them back or not? | reaperducer wrote: | When in doubt, they're opted out. | | Do you really want to open yourself up to being banned by | your new platform, or facing a lawsuit over pennies in | revenue? | Swizec wrote: | They purchased lifetime access to the content. Should I | not give it to them just because they didn't like an | email once? | | Imagine being grumpy at a Starbucks barista once and now | you can't get Starbucks again ever anywhere. | | Or a better example: You opted out of email now you can't | reset your password. Sorry can't email you the link. | reaperducer wrote: | Why would unsubscribing from your newsletter stop them | from accessing the content? Is the content only delivered | via the newsletter from which they unsubscribed? | Swizec wrote: | > A while later /../ migrate to a new platform. I need to | tell every buyer that their account is moving. But some | have unsubscribed from all emails. | | They unsub'd all meaning "no more emails ever" as you | said. How do I tell them the stuff moved if they don't | want to be contacted ever again ever? | reaperducer wrote: | You don't have to. When they can't find you, assuming | they miss your content, they'll use this miracle tool | called a "search engine" to find you. | wastedhours wrote: | > Now they stop getting followup guidance emails for the | course. | | This might be the ex-marketer coming out in me, but surely | the course guidance emails could be considered | transactional to the service and be honoured by a different | opt-in/out policy to the newsletter? | | > I need to tell every buyer that their account is moving | | Again, this use case isn't marketing, and should very much | be allowed as a requirement to keep people informed about | the use of their data. In the same way a "change password" | email is allowed to be sent. | Swizec wrote: | But my email platform doesn't do that. When you hit | "unsub all" you _unsub all_ | | That's the tricky part that most "ew email is spam" folk | forget. The definition of "all" can be super nuanced and | most people don't think about it. | antsar wrote: | From the sidelines, I'd think the answer is that your | email platform should have that feature, or you should | consider using entirely separate flows/tools for | transactional emails and marketing emails. Not a lawyer, | but AFAIK transactional emails are not subject to Spam | rules & don't even need to have an "Unsubscribe" link. | Mixing the two is just causing yourself needless pain. | Swizec wrote: | > From the sidelines, I'd think the answer is that your | email platform should have that feature | | It does. But the user clicked "No I want to unsubscribe | all" | antsar wrote: | Can you rephrase the choices? | | - Unsub from this marketing topic. | | - Unsub from all marketing mails. You will continue to | receive paid course content; to terminate see [account | deletion request page]. | | On the account deletion page, make it clear that they'll | lose out on further paid content, don't come back crying, | blah blah. | reaperducer wrote: | _I try to be reasonable here. If it 's something from a | business I transacted with in the past or recognize the name, | I will unsubscribe. I don't consider it spam. And I don't | want to hurt their reputation._ | | I'm the same way. Except for two: Staples and eBay. | | Staples will send me three e-mails asking me to review a | product that I ordered, but that Staples hasn't even shipped | to me yet. Spam. | | Recently I purchased one item from eBay using the Guest | Checkout feature because I don't have an eBay account, and | don't want one. Now eBay sends me e-mails all the time. In | order to unsubscribe, I'm instructed to sign in to an account | I don't have. Spam. | rlpb wrote: | > If it's something from a business I transacted with in the | past or recognize the name, I will unsubscribe. I don't | consider it spam. | | I do consider it spam, unless the email is actually _about_ a | previous transaction. I don 't equate doing a transaction | with a business with permission for them to bother me about | something unrelated. | inetknght wrote: | > _I try to be reasonable here._ | | I try to be a little more reasonable here. If it's a business | that required me to sign up to do business with them and | didn't allow me to opt out of their marketing emails then I | have no problem whatsoever clicking the Spam button. And, if | their marketing emails go to a third party domain -- such as | a bulk emailer -- then it goes into the Phishing bucket | _regardless_ of whether or not I opted out of their marketing | emails. | dvtrn wrote: | So much of my "spam" is from services I definitely signed | up for because I have a legit use for, Or product I'm glad | to pay a fair price for, but they never even asked if I | wanted to get emails from them during signup/checkout-the | emails just start coming in. | | What's the deal with this? | frenchy wrote: | I suspect it's because it works for enough people that it | pays off. | | Every now and then I forget how annoying it was last | time, and I think it would be nice to donate money to | some sort of charity, and then they proceed to spam me | for the following year. A couple years later I forget | about he experience, and the cycle begins again. | ryanianian wrote: | I donated $20 to doctors without borders four years ago | (a friend wanted that in lieu of bday presents). I've | since gotten close to 50 letters from them and other | charities. That cost far outweighs the $20 I gave them. | dvtrn wrote: | Was this part of that feature happening on Facebook where | people can create "campaigns" or just an ad hoc request | to donate? | ryanianian wrote: | She requested it on facebook via one of those things, but | I donated directly on their website since..facebook. | dvtrn wrote: | I experienced this after donating money and volunteering | a few days to support a local public defense charity for | people who can't afford legal representation, but then I | started getting emails from _other_ charities. I once | decided to let this ride and see how far that email | address would go (signed up using a gmail account with a | "+charity_name"). | | In the span of two years the following happened: | | * Original Charity I actually donated money to started | emailing me | | * then a second local charity I did NOT donate money to | | * then I began getting messages from a local political | candidate who was friendly with first charity | | * soon after that Another local political candidate | | * Then a statewide political action committee. | | At no point in that original donation flow was I ever | even asked "can we email you other communications?" I | presume the "we will share your email with anyone we damn | well please" was baked into whatever boilerplate privacy | policy existed in the background of the site they used to | collect and process donation payments. Which is a whole | other problem. | | Is "getting out of hand" a hyperbolic reaction to how | cavalier the use of mailing lists and newsletters have | become when people sign up just to use a personal finance | app or donate to causes? | frandroid wrote: | Because people like the GP and the GGP click "Spam" | instead of the unsubscribe link/process for these | services. (I do the same if I can't unsubscribe easily.) | Any service that requires me to login to unsubscribe, | rather than provide a tokenized unsubscribe link in the | email, can suck it. | inetknght wrote: | > _GP and the GGP click "Spam" instead of the unsubscribe | link/process for these services._ | | If the unsubscribe link goes to a third party site, it's | literally indistinguishable from a phishing attempt. | corobo wrote: | you worried they might get the email address they just | emailed you on out of you? | [deleted] | munificent wrote: | _> Other notorious example: business A founder also founds | (unrelated) business B. _ | | The worst for me is if you donate to one political campaign, | once, you will be on every mailing list for every single | candidate in that party for every single election; in every | single country, state, county, province, parish, district, or | city; forever. | | I know that's how politics works today, but, Jesus, the #1 | thing making me not want to participate in one of the major | parties is this. | ryanianian wrote: | People abusing their existing platforms is a huge problem; | the incentives are all wrong. | | This is an extremely common annoyance of mine with | Kickstarter campaigns. I back a lot of projects, and it's | insane how many creators abuse the "project updates" system | to promote other projects, often totally unrelated and from | totally different creators. They're clearly getting paid for | these promotions. I can't just "unsubscribe" from the updates | because I do need to be aware of "real" updates that may | require my input/action. | | And many apps that rely on push-notifications for their core | functionality are polluting these streams with ads. Uber | basically admits this: they send ride updates by sms because | they know people turn off their ad-filled push notifications. | | My town is also using its covid-emergency-updates sms system | to advertise local composting. | | This is becoming an acceptable practice, and it seems | impossible to filter the cruft. | _jal wrote: | I take a very hands on approach with these people. | | They get a mail saying one more spam from them and I will | ensure I never buy anything they make again, add them to | blacklists and tell other people they are spammers. | | They tend to go the attack/whine route about being a | struggling entrepreneur, and I try to educate. Of the ones | who actually engage, about 1/3 seem to come around, which I | consider a pretty good rate. (I follow through with the | rest. They're just shithead spammers.) | cosmodisk wrote: | At work we have about 200K mailing list we target after some | segmentation is done,so it's about a few thousand people for any | give campaign. We had some settings wrong,which meant thst no | reply wasn't enabled.People would rather respond to an email and | ask to unsubscribe or rant about it but rarely click unsubscribe | button. | saghm wrote: | > People would rather respond to an email and ask to | unsubscribe or rant about it but rarely click unsubscribe | button | | It's a bit ironic to complain about getting unwanted emails | from a bunch of users when they're literally just replies to | unwanted emails that you sent them | cosmodisk wrote: | I'm not complaining- it was merely an observation. | humaniania wrote: | The tiny font link at the very bottom that's light grey on a | white background? | TLightful wrote: | TL/DR: It doesn't. | ndesaulniers wrote: | Multiple times the gmail unsubscribe button has removed me as | moderator from mailing lists I moderate! | | I tend to use the checkboxes to mark groups of emails as spam, | then also chosen "unsubscribe me" without checking where they | came from (since I don't want to open them). | | When it happens to be spam sent to a mailing list, this feature | unsubscribes you from the mailing list. When it's a Google group | you moderate, good bye moderator status! Oops! (Filed a bug | internally about this, no status updates so far.) | einpoklum wrote: | > If you use Gmail or frequently send mailing list emails | | Now that's your problem right there. _Don't_ use Gmail. You're | not just giving up your own privacy, you're hurting the privacy | of everyone who corresponds with you. There are plenty of non-US | free email providers, and many/most of them are at the very least | much better than Google in this respect. | | Also _use a mail client_, not your browser. Thunderbird, KMail, | evolution - even (ugh) Outlook. | jdm2212 wrote: | This comment isn't constructive or substantively related to the | article it's on. But on the subject of privacy: | | I'd rather have my data in the hands of Google -- a company | with strong compliance and the world's best non-government | infosec outfit -- than in the hands of any of the other | companies listed. | jeffbee wrote: | The bit at the bottom about the unsubscribe button appearing or | not might be based on sender reputation? | jivings wrote: | Nice! Do you have a source for that? | jeffbee wrote: | No, so I reworded it as more of a question. | Sephr wrote: | Source: https://gmail.googleblog.com/2009/07/unsubscribing- | made-easy... | Giorgi wrote: | Quick tip: it does not. | factorialboy wrote: | Unsubscribe is a confirmation to spammers that your email is | indeed real. | koheripbal wrote: | Doesnt a lack of a bounce already confirm it's real? | [deleted] | CryptoBanker wrote: | Yup, I just send straight to spam. Haven't missed an important | email in 8 years yet | adrianmonk wrote: | I love the idea of the Gmail unsubscribe button, but | unfortunately I can't bring myself to use it. | | The issue is that there are good-faith and bad-faith unsubscribe | links. Clicking the unsubscribe button can thus either have a | good outcome (less junk mail) or a bad outcome I ardently want to | avoid (letting a spammer know my address is active). | | I'm sure Google knows this and does some verification and | detection to try to prevent that bad outcome, but as an end user, | I don't have much visibility into how well that works. It's a | hard problem, but Google is smart, so it's _possible_ they 've | solved it, but I don't really know whether they _actually_ have. | | So in practice, I always read over the email in question | carefully to try to judge for myself whether it's safe to click | the unsubscribe link at the bottom. It's annoying, but the effort | seems worth it. | crdrost wrote: | PSA that there was a sort of "email 2.0" spec called "Internet | Mail 2000" (which gives you an idea of how long ago this was, | heh) by djb, that would have partly eliminated all this crap. | The idea is that you can pay the cost of read receipts (which | are kind of a superset of what you are concerned about) to | structurally disadvantage spamming so much (by forcing it to | tether itself to DNS) that it ceases to be a viable marketing | model; spam that is big enough to generate revenue is also | either big enough to be caught or spread out enough among new | domain registrations that the cost easily swallows the revenue. | The struggle is that nobody likes read receipts, so one is | stuck trying to define some sort of "halfway between" system to | try and invalidate the read receipts, "sometimes you have to | store the message until the person wants to read it, but | sometimes Gmail will download it before the person reads it, so | this signal is unreliable for whether it was actually read." | wyldfire wrote: | Isn't that similar to the idea behind hashcash [1]? I don't | know -- was hashcash used anywhere? Or were the ideas there | leveraged in stuff like DKIM/SPF? | | [1] https://en.wikipedia.org/wiki/Hashcash | crdrost wrote: | Hashcash is a different idea with the same goal of making | certain email behaviors financially infeasible by tying | emails to a more limited resource. The limited resource in | IM2000 is -- well, that's complicated, I would say internet | domains but someone else might say something like network | availability. But in Hashcash it is clearly processor | cycles. | | Hashcash is "used anywhere" in the sense that it's the idea | behind bitcoin. There's a duality here where the very | introduction of limited scalable resources which makes a | cryptocurrency possible, also can be used in a different | way to make spam impossible. | | In that duality it is actually kind of interesting to think | about IM2000. One would imagine a cryptocurrency based on | something like "proof of network bandwidth shared" or | something, which would be really hard to theoretically | formalize. But if you could get a secure definition then | that fundamental idea becomes rather explosive. Like I | imagine a sort of viral peer-to-peer filesharing network | kind of like BitTorrent which would end up as a sort of | alternative to the World Wide Web; whereas there are huge | clusters of bitcoin miners right now trying to chug out | more proofs-of-work, in that situation you would have large | numbers of proxy hosts trying to mirror more and more files | online. | | Right now it would be possible to do some really nasty | things to bitcoin by designing software which stores | arbitrary files in the spare bits in the ledger. If that | software becomes really widespread then inevitably someone | uses it to upload MP3s or, worse, illegal pornography and | those things get ossified into the Bitcoin ledger and you | cannot remove public access to that content without taking | down the entire blockchain; probably what happens in | practice is that the sharing software itself gets demonized | as "only pirates/perverts use that sharing software." But | one is immediately confronted with concerns about "hey if I | download the blockchain am I technically performing an | illegal action" to which the legal answer is probably "yes" | at that point. The law doesn't usually care about whether | you need sophisticated software to decode that crap. | | If you had a cryptocurrency that was based on "I hosted and | transmitted data, but I don't know what that data was" then | I think you would have a sort of robustness to the network, | maybe, where the offending data is not in the ledger. With | that said, probably it gets a similar stigma as "only | pirates/perverts use that, all the rest of us use the web." | mrlala wrote: | >or a bad outcome I ardently want to avoid (letting a spammer | know my address is active). | | Honest question- why does this really matter? Or at least | matter to any degree where you would rather have more junk mail | than potentially stop spam/undesired emails. | | If a spammer sends out 1000 emails and gets 100 bouncebacks.. | then they keep on sending to the other 900. You are one of | those 900 and you click unsubscribe.. sure, they can detect | that your email is active. But are they really going to stop | sending to otherwise? It's not like people are constantly | changing email addresses these days.. if I were a spammer and I | had a valid list, I would basically assume that's a valid email | if I don't get a bounceback. | | So I just don't get how detecting that someone attempted to | unusbscribe is that much of a 'tell'. | eitland wrote: | A number of years ago there was even a story about someone | going undercover at a spamming operation and one key takeaway | was that - at least at that place - the boss was very clear | internally about actually removing people who tried to | unsubscribe. | | I cannot vouch for the story but it looked as legit as the | average HN story back then so it might be true (or not). | mrlala wrote: | I can believe that- otherwise why would you try to continue | to scam/spam someone over email who is clearly trying to | unsubscribe.. meaning they realize it's spam/scam. | | The goal is to find people who don't know any better.. | ipython wrote: | Same reason phone spammers robocall numbers to see who picks | up... if you "engage" then you are a way more valuable target | mrlala wrote: | Eh I wouldn't say clicking an unsubscribe is engaging in | the same way at all. | | Wouldn't someone who is like "this is spam, get me off the | list" be way LESS likely to be a good scam target? | johannes1234321 wrote: | So they just hit you with the wrong message and have to | try something else. | pricci wrote: | I'm always fearful of clicking unsubscribe. It's a way of telling | the spammer "hey, this email is really used by a real human, spam | the hell out of me" | bfdm wrote: | I'm fairly sure that spammers are sending legitimate- | lookingailing list type spam to do exactly this. Appear like | misdirected mail to catch email addresses. | bentcorner wrote: | This is why I usually hit the Report Spam button. Sometimes | I'll receive a legit looking email that I plausibly signed up | for but don't remember - I could follow the unsubscribe | link/hit unsubscribe and be a good citizen, but at that point | the safer thing to do is to not interact with the mail and let | Gmail know I don't want this anymore. | | I'd rather receive the mail and let Gmail put it into a | blackhole than try to solve the problem upstream myself and | have the small possibility that I either miss a newsletter and | get spam anyway, or tip off some system that my email address | is "real". | hart_russell wrote: | I've been smashing that unsubscribe button in my email for | years. I've never had a problem in that arena. I'm usually at | inbox zero. | mattbeckman wrote: | Once you open the email, a tracking pixel will fire (usually an | <img> tag), which is far more useful to the email marketer. | | Unsubscribe is your best bet as honoring opt-outs are protected | by the CAN-SPAM act. | hu3 wrote: | Gmail doesn't load images until I athorize: | | https://i.imgur.com/RZ93VIU.png | BenjiWiebe wrote: | Thunderbird doesn't either. | RussianCow wrote: | I have a feeling that the successful delivery of the email to | your inbox has already accomplished this. | ptmcc wrote: | Any remotely legitimate mailing list will respect unsubscribe | requests, lest they run afoul of the CAN-SPAM act and/or start | getting blacklisted. | | Years ago I worked at a large email service provider for bulk | mailings on behalf of large customers and we took unsubscribes | very seriously. | | And for the really truly spam/scam emails, the unsub link is | the least of your concerns since delivery and tracking pixels | confirm the address is real and being used. The true spam | usually doesn't even have an unsub link. In those cases mark as | spam and hope that your email provider starts flagging them as | spam before it ever makes it to your inbox in the future. | | I'm an aggressive unsubscriber and 99% of the time it works. | Very little junk flows into my inbox these days. | tomjen3 wrote: | > delivery and tracking pixels confirm the address is real | and being used | | I use Thunderbird, which doesn't load that stuff. | hu3 wrote: | > since delivery and tracking pixels confirm the address is | real and being used | | Does it work in Gmail? Since it doesn't load images until I | athorize: https://i.imgur.com/RZ93VIU.png | finnthehuman wrote: | Unless you use an iPhone, then there is no way to shut off | images in gmail. Seems a bit strange that they'd not have | that feature, when gmail was the first big provider to | disable images by default. | close04 wrote: | That is inaccurate. I have disabled image loading in | Gmail and this is reflected in the web interface, the | Gmail Android app, the Apple Mail app, and very likely in | all other mail clients. Just to be clear, you _do not_ | need an iPhone to shut off images in gmail. | finnthehuman wrote: | I mean in the gmail app for iphone. Gmail images are off | when I use a desktop, they're off when I use the andriod | app, but I was surprised to see images in email when | using the gmail iphone app. | | Last time I went searching, I found google documentation | that said there are no image options for the iphone app. | fortenforge wrote: | This used to be the case but was fixed earlier this year. | You can now disable images in the Gmail iOS app: https:// | support.google.com/mail/answer/145919?co=GENIE.Platf... | [deleted] | close04 wrote: | The feature is present for some time now on both major | platforms, both in the Gmail app and the built-in Mail | app, on (some) 3rd party mail clients, and in the web | interface. | kevincox wrote: | No, in that case the email client shouldn't be making any | remote requests. | | Although note that IIUC the gmail default is now loading | remote content. (Although they do load it via a proxy so | that your IP isn't shared). | FirstLvR wrote: | this seems to be better designed on outlook, i would just create | a rule to instant delete, filter, this mails | | we need Rules on gmail... filters do the labelin work but they | dont actually move the mails | Aardwolf wrote: | gmail filters allow various actions, including delete, archive, | mark as read, forward, etc... | | is that not what you meant? | JamesCoyne wrote: | Small editing issue: | | I think the author missed adding a hyperlink in the summary at | "You can check the source of an email to do this - here's a guide | on how to do that. " | jivings wrote: | Fixed. Thanks! | sowbug wrote: | Pet peeve: unsubscribe links that take me to a page asking for my | personal information (usually my email address). I'll usually | close those pages and report the email as spam. | | If you know my email address, then put a token in the unsubscribe | link so you can retrieve my address on your end, rather than | making me retype it. If you don't know my email address -- maybe | you are sending to a list, not to me -- then I consider you spam | because you don't actually have the direct ability to remove me. | tartrate wrote: | If that happens, it _is_ spam. | mattbeckman wrote: | Annoying for sure, but one benefit of this approach is due to | forwarding. For the moment, let's assume you have a newsletter | you enjoy. If you forward an instance of that newsletter to | your friend, and they aren't expecting it, they might hit | unsubscribe. With one click, they'll prevent you from receiving | future newsletters. | | I think the better approach is simply showing the "Intended for | johndoe@example.com" next to Unsubscribe, but I could see why | they ask for your email. | joegahona wrote: | I believe one-click unsubscribe is a law. | irrational wrote: | Under what jurisdiction? | heleninboodler wrote: | It's definitely a rule in my house. I'm raising my kids | right. | boomlinde wrote: | Just respect "unsubscribe" as the subject of a mail as a | request to unsubscribe. Add a List-Unsubscribe header with a | mailto link, like List-Unsubscribe: | <mailto:list@host.com?subject=unsubscribe> | | as per RFC-2369 and use the same mailto link inside the mail | body. This is convenient, conventional and solves the problem | you describe, while also allowing users to add feedback as | they see fit in the body. | | I don't see why you have to involve the web at all, but I can | tell you that if I have to go through a bunch of bullshit | when I want to unsubscribe I'll just mark it as spam instead. | However appreciated and anticipated your newsletter is, you | have to consider that most newsletter subscriptions are | probably either accidental (failed to uncheck some box when | signing up for something entirely different) or straight up | unsolicited, and people like me will basically purge all | their subscriptions without discrimination regularly as the | crap builds up. | johnbrodie wrote: | FWIW, this solution isn't as easy to implement as you'd | think. I've seen unsubscribe pages harvested for email | addresses when they show the full address and used | urls/tokens that weren't sufficiently secure. In the case I'm | thinking of, the home-rolled algo that generated the unique | links was bugged enough that you could reverse it, and I was | surprised that someone actually took the time to do so. | enumjorge wrote: | I'll add another pet peeve to the list: unsubscribe links that | remove you from only 1 of N number of lists they have. You | click unsubscribe but a few days later you're still getting | mail because you got removed from "news" emails but this one is | a "promotional" email. | mthoms wrote: | Indeed. And locating the page where you _can_ unsubscribe to | all these lists is usually made intentionally difficult with | various dark patterns. | shavingspiders wrote: | You might find | https://twitter.com/Joe8Bit/status/1156312965265707013 an | interesting read, in how the delayed removal of you from | lists could be down to someone having to manually remove you | & needless bureaucracy. | mimimi31 wrote: | I recently unsubscribed from all but one (the account tips) | of the Firefox newsletters, because they were sending too | much stuff I wasn't really interested in. The next day I get | a new Email from them. | | Subject: "Was it something we said? _crying emoji_ ". Body: | "If you want to go... we won't stop you. [...]" Footer: | "You're receiving this email because [...] subscribed to | Firefox Account Tips. | | Yeah, thanks for the ~~tip~~ spam. | | Felt like going through one of those dark pattern flows that | Spotify or Amazon have when you try to unsubscribe from their | paid plans, trying to guilt you into reconsidering. | drngdds wrote: | That's pretty ironic coming from a company whose main value | proposition is "we aren't assholes like other tech | companies are." That and the annoying crap you have to | disable when you install Firefox to get a blank new tab | page. | | (Still better than Google, though.) | wolco wrote: | How can you get a blank page? What do I need to delete? | kbrosnan wrote: | The simplest way is to click the gear on the new tab page | and uncheck items you don't want. If you uncheck | everything you will still have the gear icon present. If | you want to hide that then your are in userChrome.css | territory. | hart_russell wrote: | 100%. It's pure laziness or technical ignorance on their part. | maybeiambatman wrote: | My Pet Peeve: Google doesn't let you unsubscribe to YouTube TV | emails via their "Unsubsribe" button. | | https://twitter.com/mohd_irteza/status/1227772431605149696?s... | naggie wrote: | I just got an email from redhat, for which the unsubscribe | mechanism asks for contact information and a survey. Pic: | https://twitter.com/callanbryant/status/1266400315940786178 | geofft wrote: | If you forward someone else something from a mailing list, | should they have the ability to unsubscribe you from that list | without your consent? | goguy wrote: | Nothing stopping them doing that the other way either. | geofft wrote: | I think I don't follow, what's "the other way"? | | I run a newsletter where both subscribe and unsubscribe do | double-opt-in (i.e., both subscribing and unsubscribing | send you an email with a confirmation URL with a token - | each newsletter has an unsubscribe link but that link | doesn't include the token). Maybe this is a mistake? Is the | norm that anyone can unsubscribe anyone else from | newsletters? | mrob wrote: | The term "double-opt-in" is spammer propaganda. It | falsely implies that getting your email added to a | spammer's mailing list, regardless of how it happened, is | "opting in". | geofft wrote: | OK, fine, maybe I shouldn't use the term. Pretend I said, | "I run a mailing list where I want to make absolutely | sure that nobody is receiving mail without their active | and informed consent and that nobody is unsubscribed | without their active consent either." I think my question | still stands? | realityking wrote: | Then it is a remarkably good piece of propaganda as it | has the blessing of, at least, German courts. | | https://www.telemedicus.info/urteile/Wettbewerbsrecht/Wer | bun... | r1ch wrote: | My favorite one is where the unsubscribe link is behind a | Cloudflare country IP block. Subscribed in the US but can't | unsubscribe after moving. | Taylor_OD wrote: | My favorite is when the unsubscribe gateway isnt https. | wolco wrote: | Worried that your isp knows you unsubscribed? | komali2 wrote: | I don't think https prevents ISPs from knowing what | domains you try to resolve - that would be where a VPN | would come into play surely? | chipperyman573 wrote: | The domain would only be relevant if the domain was a | specific opt-out domain. If it was just | https://company.com/unsubscribe, DNS would only reveal | company.com. The path (/unsubscribe) will be encrypted. | robotnikman wrote: | Correct. DoH is also useful for preventing ISP's from | snooping on that too IIRC. | benjaminl wrote: | Yeah I find it really annoying also. But surprisingly, they | don't do that just to add friction to unsubscribe. There is a | real problem that it solves. | | Legitimate mailing lists have problems with people forwarding | emails, when the recipients of the forwarded emails click the | unsubscribe button, they will unsubscribe the original | recipient who didn't want to be unsubscribed. | heavenlyblue wrote: | So why do they forward those emails to someone in the first | place? Especially to those who don't want them? You're pretty | much suggesting that "helping others spamming people isn't | spamming" | fossuser wrote: | This is the worst one I've ever seen: | | https://twitter.com/zachalberico/status/1247951473876422656?... | | It's basically impossible to know if you've done the right | thing. | ipython wrote: | Wow. I'm actually more confused after reading their | "explanation" | | > Sorry for any confusion. Select the box next to each | desired communication option or deselect to stop | communications. | | So... if I _uncheck_ the "unsubscribe" button that stops | communications?!? | fossuser wrote: | I believe that's the correct answer (since the boxes were | checked when I first opened the page). | | Yeah - very confusing though. | lostlogin wrote: | They clarified in a reply: | | Marriott Bonvoy Assist @MBonvoyAssist 9 Apr Replying to | @zachalberico Sorry for any confusion. Select the box next to | each desired communication option or deselect to stop | communications | | Now I think I understand what they are saying, but it's not a | great explanation either. A new sentence before the 'or' | would have been helpful. | redstripe wrote: | This would certainly be convenient, however if your mailing | lists contains a lot of old people then they forward your | emails to their friends. Their friends who are annoyed by this | then unsubscribe the original recipient without noticing that | the email was forwarded by their friend. | | This is a real problem for us - not a made up scenario. So we | remove the auto-filled email on the unsubscribe form. | tcgv wrote: | A way to mitigate this issue is to ask for a confirmation | before marking the email address as unsubscribed, showing the | retrieved email address in a large font as to prevent someone | who received a forwarded email from mistakenly unsubscribing | someone else. | zaat wrote: | I don't know about Gmail, but I once accidentally hit unsubscribe | on a Yandex mail account I use solely for getting mails from | mailing lists and it unsubscribed me immediately, no questions | asked, and without any way to undo. I tried removing the sender | from the unsubscribed mailing lists, removing and adding the | subscription on the mailing list side half a dozen times, but | nothing worked. | tregsthedev wrote: | Really good Read! | mattbeckman wrote: | We've had "Add List-Unsubscribe Header" on Trello for a long | time, but for some reason I had it in my mind that there was a | ~60 character limit. | | I appreciate the post because after revisiting it, I think that | info was gathered from a few-years-old blog discussing a specific | limit in (maybe?) Gmail, but it sounds like it can be broken down | into multiple lines. | crdrost wrote: | I don't think there are "multiple lines", just that you can | have quite large HTTP headers and this one happens to contain a | comma followed by a space, which the text view is using to | word-wrap. | | See e.g. | https://web.archive.org/web/20180605011201/https://www.list-... | for a better example. | slim wrote: | I want a button that says "ghost this mailing list" when I click | it, their mail server gets a standard message like "user no | longer exists at this address", or "user reached quota", whatever | makes me get pruned from their database instead of having my | email address validated and the "last_seen" column updated. | slipheen wrote: | For me, Step 1 is using their Unsubscribe option. | | If I get another message from them, Step 2 is to setup a mail | rule to put everything from their company into the Junk folder. | eropple wrote: | Too much work, tbh. It's my mailbox, not theirs. | inshadows wrote: | Right. Unsolicited email is spam and marking it as such is | proper way to deal with it. | loeg wrote: | I only do step 1 if I actually consented to subscribe to a | list. | | If the sender just added me to their list without consent? | Straight to spam. | progval wrote: | I have another step between 1 and 2: send a mail to the abuse | contact of their AS. You can do it either manually, or with a | tool like https://www.spamcop.net/ . Sometimes it works (but | rarely). | johannes1234321 wrote: | With "suspicious" sources step 1 confirms the address to | them, which allows them to see it. | | Delaying step two requires book keeping. | | Immediately blocking is low effort with effect. | | In few cases, where senders seem to be "proper" companies I | do a GDPR request. Sometimes they provide valuable | information about address brokers etc. | mikaelmello wrote: | Maybe @dhh could use this idea on hey | perfectstorm wrote: | This is pretty much what Apple did with Sign in with Apple. You | can sign up with a private relay email and Apple will forward | any communications from that company to your real personal | email account. If you get annoying emails, you can simply | dispose the private relay email and boom they can't communicate | with you anymore. | [deleted] | neuronflux wrote: | It unfortunately would probably only do the opposite as this | validation occurs during the SMTP transaction when the message | is delivered to the server. | | Going back after and saying you don't exist is like answering | the phone and going "nobody is home". | | Edit: I suppose this ghost setting could be used for future | delivery attempts though. Perhaps this is what you meant | originally. | sethammons wrote: | I work for an email service provider. While we usually get a | response from the inbox provider that an inbox does not | exist, we totally get async bounces all the time. Some | providers accept the mail and realize later that they cannot | deliver it. | massaman_yams wrote: | Can confirm. Async bounces make up somewhere around a few | percent of overall bounces for most senders. | contravariant wrote: | I think they're talking about sending an error at the SMTP | level. Not sure if that will break stuff though. | toomuchtodo wrote: | While true, email accounts can and are deleted or closed. | Transient addresses on your own domain are usually the best | (so you can nuke them when polluted, hat tip to Apple for | pushing blind emails into the mainstream with "Sign in with | Apple"), but sending fake bounce backs by sender while | binning anything incoming from them is a close second (Gmail | and Fastmail both support filtering messages directly to | Trash, but no fake bounce back messages; could probably do it | with an SMTP proxy, again if you use your own domain). | slim wrote: | correct. it's for future deliveries | livre wrote: | What GP describes would work the next time they try to spam | you, not for the current email you received. | fossuser wrote: | You can kind of do this with Fastmail and Aliases, but it's a | more manual process. | | You can really easily create aliases for specific sites or just | a general spam@ alias on your own domain. Then if it gets | abused you can mark all mail directed to that alias to bounce. | | You could later re-enable it if you wanted to. | developer2 wrote: | I migrated from Gmail to Fastmail 2 years ago, and I agree | with this. With Fastmail, I now have the wildcard address for | a domain ([a-z0-9]{7}@example.com), whereby I create a new | randomly generated email address for each | company/site/contact. I set up rules to direct emails sent | from expected addresses (sometimes by base domain regex | rather than a single address) to whitelist emails to show up | in my main Inbox folder. eg. My HackerNews email might be | qvae82d@example.com, whitelisted to accept emails from | *@ycombinator.com to my main Inbox. | | The thing is you don't want to completely blackhole/delete | messages received at a valid randomly-generated address, but | which were sent by an unexpected sender. For that, I have a | separate "Suspicious" child of my main "Inbox". The main | exception I've seen that falls under "Suspicious" is that | Amazon shares your account's email address with their | shippers; so you'll receive a Fedex notification at your | Amazon address, which falls under "Suspicious" because the | sender address doesn't originate from Amazon. | | What I find mildly strange is that, in the 2 years since I've | migrated from Gmail to a super-organized, rules-based | organization with Fastmail, I have literally not received a | single spam email. I credit this to having migrated my GitHub | account to use their privacy wrapper, so none of my commits | have my own personal email in them anymore. | takeda wrote: | Not exactly what you mentioned, but if you host your own mail | server you can use bogofilter-milter.pl[1] when it detects that | mail is a spam it rejects it with a configurable message. | | [1] https://stuff.mit.edu/~jik/software/bogofilter-milter/ | sesuximo wrote: | I think unsubscribing is a good/polite first step. If that | doesn't work, then a more aggressive spam/ghosting method makes | sense. | | Translates nicely to interpersonal communication | ipython wrote: | I am often subscribed to lists I never personally consented | to. That can happen for benign reasons such as someone | mistaking my email address for theirs, or more nefarious | reasons. | | For that reason I have no need to be "nice" to entities who | send me unsolicited email. I avoid clicking any link on email | I didn't request as - just like answering the phone confirms | that a live person is home - clicking "unsubscribe" just | means the email address is valid and has a human behind it. | | We have to stop pretending like there are humans behind our | communication. If I had to guess, 99% of my email volume is | generated by a machine of some sort. | dicknuckle wrote: | reminds me of a time someone with my very uncommon last | name and same first initial had signed up for | skipthedishes.com with my [first initial] [last | name]@gmail.com and started ordering takeout from various | places local to them, halfway across the country. the | website doesn't send a validation email when creating an | account. this went on for months, getting a food order | confirmation email with no charges on my credit card. | finally I got so annoyed that I reset the password, logged | in and found their cell number. I sent a polite text | message describing what happened, assured that the website | obscured credit card details properly and that they should | change the password from [generic password]. | dave5104 wrote: | Did you ever find out why that person signed up with an | email that didn't belong to them? Did they intend to use | a real email and for some reason didn't? Or did they want | to use a dummy email that they didn't own? | willcipriano wrote: | I've done something like this [0], postfix sends a nice | rejection message the next time they try to connect. Ironically | I've had people email me that rejecting their spam is filling | up their inbox with error messages. | | [0]https://blog.tinned-software.net/permanently-reject-a- | specif... | flak48 wrote: | >Ironically I've had people email me that rejecting their | spam is filling up their inbox with error messages. | | Wow | joahua wrote: | I get this on my domain, it's called backscatter I think. | https://en.m.wikipedia.org/wiki/Backscatter_(email) | | Less technical folks would likely complain about it, as it | tends to resemble the spam that was sent from their spoofed | domain (I.e. "re: fake pills" subject lines as the | rejection message hits their inbox). | brightball wrote: | It would be interesting to see the side effects of doing | something like that. ___________________________________________________________________ (page generated 2020-05-29 23:00 UTC)