Dave, every few days I receive an email asking me to “confirm unsubscribe”. They never say the name of the mailing list, and I haven’t clicked on an unsubscribe button for weeks. What’s going on with these?
Props for your skepticism! What you’re encountering is a rather obscure form of spam. Worse, it’s a form where, if you succumb and click the link, you’ll likely get a lot more email spam in the future. Why? Because the purpose of the message is to separate out active email addresses (that is, those where someone reads the email and will respond to a request) from bad email addresses, dead mailboxes, ignored mailboxes, etc.
For this to make sense, you have to think big. It’s not about you, it’s about having a list of 500,000 email addresses and wanting to be able to identify which are valid and active. The original list might have been harvested from another mailing list, scraped off Web pages, or culled from a few hundred hacked email accounts. They can also be obtained through social media sites with poor security, even other spammers!
What’s interesting is that I actually receive solicitations offering “a mailing list with 5,000 pre-school directors”, for example. It might be legitimate, but did they sign up for the list? Did they sign up to have me contact them via email? No, no, and using any of these lists is a violation of the law. But that doesn’t stop scammers from trying to sell the list. Now, imagine if they could say “5,000 active addresses” instead of 5,000 addresses of which probably 90% or more are useless, inactive, or dead.
What’s also interesting about these particular spam messages is just how simple they are. No fancy Website involved, no spoofing a legit sender, no corporate logos to lull you into a false sense of confidence. Let’s have a look at one to see how they work…
CONFIRM YOUR UNSUBSCRIBE
Here’s a pretty typical one I received this morning:
As with the messages you receive, there’s no indication of what I’m supposed to be unsubscribing from, just a generic “confirm you unsubscribe”. Makes no sense if you think about it; even if I’d clicked to unsubscribe from an email list, it would at least be mentioned here!
Also notice that there’s an image that is failing to load. That’s a potential red flag too, but this one is so obviously not legit that I’d hope 0% of recipients fall for the ruse. Still, it’s worth doing a bit more research if you’re unsure. One way to learn more is to click on the tiny triangle adjacent to the recipient, in this case “to me” near the top.
Did you notice the listed recipient? “me@aol.com”?? I know that’s not my email address, so it’s safe to conclude it isn’t meant for me: if it were a legit unsubscribe confirmation it would be addressed to me, not to “me@aol.com”. (Pretty sneaky, though, since it displays as “to me”, as shown earlier.)
The information about the sender is highly sus too, particularly the domains: questionprov812741.com and 1960s-.ass00900.jdsdfds.my.eu.org. Neither sounds legit so, again, that should be sufficient information for you to feel confident you can safely delete the message.
WHAT HAPPENS IF YOU CLICK?
Where this really gets interesting, though, is what happens if you actually click on the “Unsubscribe” link, because it doesn’t take you to a Web site, it opens up an email creation window!
This is where Gmail (the email program I’m using in this instance) is doing a disservice by hiding the other 49 recipients, but we’ll come back to that. Notice the subject of this message – “UnsubscribeKZ”. The “KZ” suffix is automatically generated and intended to minimize the risk that responses are filtered out because they all share a common subject (“Re: Unsubscribe”). If each batch of 1,000 has a different suffix, it’s far more likely to survive the email spam filter gauntlet.
But who’s the recipient? That, of course, is the question of the day and as I said, Gmail’s hiding all but the first listed, sebastiancmitchell@outlook.com. That email address might be legit, or it might belong to some random person, but if you click on “49 more” it expands to show every address:
Who are these people?! In fact, it doesn’t matter; there are 49 junk addresses and one that’s actually the intended recipient (likely a throw-away hotmail, outlook, gmail, or googlemail account). If you respond, you’ll be spamming 49 addresses (some of which undoubtedly are bad and will bounce, others of which will produce a response like “who are you and why are you spamming me??”).
This is very much a needle-in-haystack approach to hiding the email address of the scammer, using the logic that even if you wanted to try and track them down, you have 49 junk email addresses to eliminate before you find the real one. Even then, spammers use addresses until they don’t work and move to the next one.
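Here is how a mail filter could check for the two tells described above: a To header that doesn’t name the mailbox owner, and an “unsubscribe” link that is really a mailto: addressed to a crowd of recipients. This is an added example, not code from the original article; the function names, the threshold and the reader@example.com mailbox owner are assumptions for illustration.

```python
from email import message_from_string, policy
from email.utils import getaddresses
from html.parser import HTMLParser
from urllib.parse import parse_qs, unquote, urlsplit

MAX_MAILTO_RECIPIENTS = 3  # assumed threshold; the link in the article had 50

class MailtoLinks(HTMLParser):
    """Collect the href of every mailto: anchor in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") or ""
        if tag == "a" and href.lower().startswith("mailto:"):
            self.links.append(href)

def mailto_recipients(href):
    """Every address a mailto: URL would send to (path plus to/cc/bcc)."""
    parts = urlsplit(href)
    query = {k.lower(): v for k, v in parse_qs(parts.query).items()}
    fields = [unquote(parts.path)]
    for key in ("to", "cc", "bcc"):
        fields += query.get(key, [])
    return [addr for _, addr in getaddresses(fields) if addr]

def confirm_unsubscribe_flags(raw_message, mailbox_owner):
    """Return the red flags described in the article that this message shows."""
    msg = message_from_string(raw_message, policy=policy.default)
    flags = []
    listed = [a.lower() for _, a in getaddresses(msg.get_all("To", []))]
    if mailbox_owner.lower() not in listed:
        flags.append("to-header-mismatch")
    body = msg.get_body(preferencelist=("html",))
    finder = MailtoLinks()
    finder.feed(body.get_content() if body is not None else "")
    for href in finder.links:
        count = len(set(mailto_recipients(href)))
        if count > MAX_MAILTO_RECIPIENTS:
            flags.append(f"mailto-fanout:{count}")
    return flags

# Constructed sample: To header and subject suffix follow the article; addresses are made up.
JUNK = ",".join(f"user{i}@example.com" for i in range(1, 6))
SAMPLE = (
    "From: Unsubscribe <noreply@sender.example>\nTo: me@aol.com\n"
    "Subject: Confirm your unsubscribe\nContent-Type: text/html\n\n"
    f'<a href="mailto:{JUNK}?subject=UnsubscribeKZ">Unsubscribe</a>\n'
)
```

Calling `confirm_unsubscribe_flags(SAMPLE, "reader@example.com")` reports both flags, while a newsletter addressed to the owner with an ordinary https unsubscribe link reports none.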
The solution, therefore, is to keep being skeptical and vigilant. If you receive an email that doesn’t make sense, that doesn’t “pass the sniff test”, just delete it. This will save you enormous amounts of grief down the road!
Pro Tip: I’ve been writing about online scams for many years. Please check out my spam, scams and security help area while you’re visiting for more informative articles on how to stay safe online. Thanks!