There are few things in the digital world as annoying as spam emails. They flood our inbox after our email address is sold by a data broker, shared with third parties from a site we’ve willingly given it to, or obtained through a data breach. It’s natural to want to get off these lists as fast as possible, but if there’s one thing you should rarely ever do with one of these spammy emails, it’s click the “unsubscribe” link found in it. Here’s why, and what to do instead.
The problem with ‘unsubscribe’ email links
With few exceptions (see below), you should avoid clicking on unsubscribe links in most emails you receive. This is especially true if the link is in an email that is clearly spam, one from some business or website you have never given your information to.
This is because these unsubscribe links usually take you to a web page via a URL embedded in the unsubscribe text that identifies your email address, either in plain text or via an alphanumeric code. The moment this unique URL loads, the spammer at the other end knows that you were the one to click it; they now know that the email address they blasted does, in fact, have a real person at the other end.
If the email is from a spammer, there is a high chance that they will not—and never intended to—delete your email address from their database. In this case, clicking on that unsubscribe link reveals to the spammer that the email address they’ve sent the message to is being read by a human. This confirmation usually only makes your email address a target for even more spam emails. This is the best-case scenario.
But there’s a worst-case scenario as well. Scam emails often imitate genuine organizations—such as your bank or a subscription service provider. These emails typically claim that you can opt out of what appear to be marketing messages by clicking the unsubscribe link. However, when you do, the link directs you to a malicious website that appears legitimate and asks you to log in or provide other personal information to verify that you are the account owner who wants to unsubscribe. The scammers then use the information you enter on their fake site to hack into your real account or commit other types of identity theft with the data you’ve given them.
Here’s what to do instead
It should be noted that if you are 100% certain an email is from the organization it purports to be (such as Netflix, Apple, or Chase Bank, for example), it’s pretty safe to click on the email’s unsubscribe link. Large companies tend to honor unsubscribe requests because they would face significant public backlash (and potential legal troubles) if they didn’t.
But if you are even remotely uncertain, or the email is clearly from a spammy site you never signed up for in the first place, it’s probably best to avoid clicking on that tempting “unsubscribe” link.
