In a nutshell: A common rule of thumb advises unsubscribing from commercial emails if they are annoying or outright spam. However, some experts caution against this advice, as clicking the "unsubscribe" button can expose users to additional risks and security issues.
According to TK Keanini, CTO at DNSFilter, the "click to unsubscribe" option found at the bottom of many commercial emails can become a security risk over time. Users often click these links blindly in an attempt to stop the flood of spam messages, but Keanini warns that one in every 644 clicks can lead to a potentially malicious website.
In a recent interview with The Wall Street Journal, Keanini emphasized that users shouldn't trust the emails they receive – even if they trust the email client they're using. Clicking the unsubscribe link takes users out of the safe, structured environment of their email client and into the open web, which remains a risky landscape full of spam-related dangers.
At the lowest threat level, clicking "unsubscribe" can help a cybercriminal verify that an email address is active. Once a user unwittingly confirms their address is valid and monitored, the attacker may escalate their efforts through social engineering or more advanced malicious tactics.
According to Michael Bargury, co-founder of security company Zenity, unchecked unsubscribe links can also redirect users to phishing websites. These pages are typically designed to fraudulently steal passwords or other login credentials, or even attempt to deploy malware on the target device. If a redirected site asks for a password to unsubscribe, just don't comply with the (likely) malicious request, Bargury warned.
Charles Henderson, executive VP at security firm Coalfire, added that while a few legitimate vendors may ask users to re-enter their email address to confirm unsubscription, trust is the critical factor. If you don't trust the company that sent the email, you're unlikely to trust the unsubscription process on their website either.
According to the three experts interviewed, one of the safest ways to unsubscribe is by using "list-unsubscribe headers" provided by email services. These typically appear as built-in buttons in your email client, and are generally secure because they're not part of the email's main body and don't include any suspicious web code.
But what if the header doesn't contain a link, or is hidden within the email's source code? In such cases, users are often left relying on their spam filter, or they can simply blacklist the sender after repeated offenses. Using disposable email addresses when signing up for new or untrusted websites is also a good practice, though it can make online shopping or account management more cumbersome.
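For readers who want to see what the list-unsubscribe headers described above contain when they are only visible in a message's source, the following added example (not part of the original article) parses them with Python's standard library. The sample message, its example.com addresses, and the function name `unsubscribe_options` are constructed for illustration.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlsplit

# Constructed sample message (not from the article); all addresses are placeholders.
SAMPLE = """\
From: Deals <news@shop.example.com>
To: user@example.org
Subject: Weekly offers
List-Unsubscribe: <mailto:unsub@shop.example.com?subject=unsubscribe>,
 <https://shop.example.com/unsub?id=PLACEHOLDER>
List-Unsubscribe-Post: List-Unsubscribe=One-Click

Any "unsubscribe" link in this body is deliberately ignored.
"""

# Constructed sample with no list-unsubscribe header at all.
NO_HEADER = "From: x@example.net\nSubject: hi\n\nClick here to unsubscribe\n"


def unsubscribe_options(raw):
    """Return the unsubscribe targets a message declares in its headers only."""
    msg = message_from_string(raw, policy=policy.default)
    result = {"mailto": [], "https": [], "other": [], "one_click": False}
    for value in msg.get_all("List-Unsubscribe", []):
        # RFC 2369: comma-separated URIs, each wrapped in angle brackets.
        for uri in re.findall(r"<([^<>]*)>", str(value)):
            uri = "".join(uri.split())  # whitespace inside the brackets is ignored
            if not uri:
                continue
            scheme = urlsplit(uri).scheme.lower()
            key = scheme if scheme in ("mailto", "https") else "other"
            result[key].append(uri)
    post = str(msg.get("List-Unsubscribe-Post", "")).strip().lower()
    # RFC 8058: one-click requires this exact header value and an HTTPS URI.
    result["one_click"] = (post == "list-unsubscribe=one-click"
                           and bool(result["https"]))
    return result


if __name__ == "__main__":
    for name, raw in (("SAMPLE", SAMPLE), ("NO_HEADER", NO_HEADER)):
        print(name, unsubscribe_options(raw))
```

The function only reports what the headers declare; it does not check the DKIM signature that RFC 8058 also expects to cover these headers, and it never contacts any of the listed addresses.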