Heroes Happen Here Launch Events Attend the upcoming launch of three powerful new products, take a test drive, meet the teams, and leave with promotional copies of Windows Server 2008, Microsoft SQL Server 2008, and Microsoft Visual Studio 2008. Register here. »   Install What You Need with Windows Server 2008 Windows Server 2008 is Microsoft's most full-featured server operating system yet, so it's ironic that one of its most exciting new features is an install option that cuts out most of the other features. Paul Rubens explores why a Server Core installation makes a great deal of sense in many instances. »   Simplify Big Business IT for Small and Midsize Companies Windows Small Business Server 2008 and Windows Essential Business Server 2008 deliver all-in-one solutions to help fuel growth for customers and partners. »   Q&A with Bob Muglia: Senior VP, Server and Tools Division Bob Muglia, senior vice president, Server and Tools Division, discusses Microsoft's new interoperability principles and the steps the company is taking to increase the openness of its products. »   Q&A with Lutz Ziob, GM of Microsoft Learning Lutz Ziob, the general manager of Microsoft Learning, talks about how IT professionals can become certified heroes within their enterprises by getting trained and certified in Windows Server 2008. »

- ITSMWatch Newsletter -

Tech Focus: Security Cybersecurity: Laws Only Go So Far Mozilla Firefox vs. Internet Explorer: Which is Safer? Is Your Blog Leaking Trade Secrets? The Las Vegas Counterfeiting Story: Is Your Privacy Worth More Than a Poker Chip? Stopping Spammers at The Point of Sale

Product Watch •IOGEAR KVM - Includes Audio/Peripheral Sharing •Coverity Prevent / Coverity Thread Analyzer - Analyze Source Code For Defects, Security Vulnerabilities •USSD Series - SDRAM-Based Solid State Drives to 256 GB •UltraSMS - Send SMS From Your PC •Sentinel Sensors - Wi-Fi Based Temperature Monitoring Especially For Cold Storage more products >>

Datamation Definitions data mining ERP extranet grid computing intranet network appliance outsourcing storage VPN virus

FREE Tech Newsletters Instant Messaging Planet HTML CIO Update CodeGuru Update Practically Networked HTML Enterprise Storage Forum HTML Optically Networked HTML Intranet Journal Update Datamation IT Management Careers Datamation IT Management Update Executive Tech HTML Developer.com Update Gamelan Java Update Goodies to Go Javascript Weekly HTML JARS Java Update OpenSource Update SysOpt Tech Notes Grid Computing Planet HTML E-Security Planet HTML Virtual Dr. Text

Whitepaper: Control Costs & Drive Agility in the Datacenter. Learn to control costs, improve business agility & remain secure & in compliance through dynamic infrastructure.

Ctrl+Del To Control E-Mail Lists
October 12, 2004
By Brian Livingston

With all the brainpower in the computer industry, don't you think our supposed experts would have invented by now a standard way to get off an e-mail list without you having to hunt and peck through a different procedure every time?

One of the few things that the "YOU-CAN-SPAM Act" did when it went into effect in the U.S. last January is to require that all bulk e-mail mesages contain a way to unsubscribe. Many other countries have similar or much stronger requirements.

But in a study of legitimate e-mail newsletters, Web usability guru Jakob Nielsen found that it took end users an average of 3 minutes and 5 seconds to unsubscribe from the typical newsletter. And that's how long users needed to decipher a respectable unsubscribe page, not some phony Web form set up by spammers.

Hunting around an unfamiliar Web page for three minutes is more work than simply pressing the Delete key every time an unwanted newsletter appears. For this reason, e-mail users are far more likely to click Delete, or create a filter rule to divert such newsletters, or erroneously use a Report Spam button than they are to try to unsubscribe.

I reported in this space last week that a small startup company, Lashback LLC, is successfully selling a $29.95-per-year service to handle unsubscribes automatically. When e-mail users click Lashback's special button, the company tests any unsubscribe link found in a particular e-mail message. Only if the unsubscribe mechanism really works is the user's e-mail address submitted to the sender of the e-mail. If the unsubscribe method is a hoax, Lashback starts filters out all similar messages so the user never has to see them.

I wish this startup well, but its automated unsubscribe-management service would seem to be an obvious feature for e-mail programs themselves to provide. Therefore, I have a modest proposal.

Using Ctrl+Del And Shift+Del

Imagine this: The Delete key on our keyboards could become just one of three, equally-fast methods to dispose of e-mail messages:

• Del. Pressing the Del key in future e-mail programs would move a message into the trash, just as it does now.

• Ctrl+Del. Holding down the Ctrl (control) key with Del would launch an automatic unsubscribe process back at newsletter headquarters. An easy way to remember this key combination is that "Ctrl+Del" is how you "Control Your Subscription."

• Shift+Del. Holding down the Shift key with Del would report the selected message as spam. This would also invoke whatever penalties an Internet service provider happens to offer. The memory-jogger for this key combination is that "Shift+Del" and "Spam" both start with the letter S.

Lashback's button, which integrates into Microsoft Outlook and Outlook Express, effectively figures out for you which bulk e-mail you can safely unsubscribe from and which are scams that you must filter out in the future. It uses a simple formula to make this decision: A working unsubscribe mechanism equates with legitimate e-mail, a bogus mechanism indicates spam.

A study I reported on in my last column, however, found that 51% of the e-mail newsletters from 1,000 legitimate companies, including most of the Fortune 500, provide no unsubscribe link at all. In addition to that fact, I doubt that most e-mail users will add another $29.95-a-year service to their budgets just to perform a function that all e-mail programs should already have.

Moving Toward An Industry Standard

It seems to me high time, therefore, that users demand a new Internet standard that makes an unsubscribe process that's guaranteed to be safe as simple as clicking a single button or a pressing a single key combination.

Michael Perone, marketing vice president of Barracuda Networks, feels such a standard shouldn't be proprietary. "It would be much easier for people to accept if it was an open-source thing," he says.

Perone's company makes the Barracuda Spam Firewall, a 1U rackmount appliance that won an Editor's Choice award last May from among 28 filtering solutions tested by Network Computing magazine. But the device as yet has no Lashback-like way to determine for an end user whether an unsubscribe link is safe to invoke.

A legitimacy rating system, Perone says, "could have levels of good or not-so-good," rather than simply pass/fail. "Maybe some server wasn't working or something." A temporary outage should be factored into a newsletter publisher's score rather than a single failure causing a permanent demerit.

Such a ranking mechanism could be set up "like RBLs [real-time blocklists] are done today, with some kind of reverse DNS lookup," Perone explains. "Guys like SpamHaus and SpamCop must be thinking of going to that."

Sophisticated And Automated

The inability for end users to trust the anarchic unsubscribe mechanisms of today's e-mail lists hurts legitimate publishers while doing nothing to deter spammers, says David Troup, president of Solinus.com. His company makes MailFoundry, a new spam-filtering appliance that began shipping on Sept. 8, too recently to have been considered in Network Computing's comparative review.

A sophisticated yet automated way to discern good senders from spammers is necessary for e-mail to work as a reliable communications medium, Troup says. "When you have end users participate in spam reporting, you get a tainted database [with many false complaints]," he explains. "We encourage our users to report spam, but each report goes to a human editor."

Troup suggests that, as long as a working unbsubscribe mechanism is now required by law in the U.S. and elsewhere, the procedure could be standardized using Internet methods that any e-mail program can tap into. For example, e-mail servers that send out legitimate lists can be reached by e-mail programs via routines called POST and GET.

"In the HTML format, you can send that POST or GET to a mail server," which could interpret the feedback as an unsubscribe command, Troup says.

A Seal Of Confidence

Until this kind of reliable unsubscribe method is standardized and widely available, Lashback has its own proposal to reassure end users that a particular newsletter honors cancellation requests.

The company offers to publishers a "Lashback Certified Safe Unsubscribe" seal. This is a small graphical image that publishers with a demonstrably working unsubscribe mechanism can display in their newsletters and on Web pages. Clicking the image leads the user to a separate explanation staing that the sender is certified by Lashback to honor removal requests and that any e-mail addresses entered are safe from spammers.

This is a great idea. Unfortunately, a quality seal from a little-known company doesn't exactly have the reassuring ring of "UL Certified" and other programs that are backed with millions of dollars of advertising.

Thanks to the so-called smart folks who invented the Internet's weak e-mail protocols, however, an ID effort from an obscure little software company is currently about the only guarantee of an unsubscribe mechanism that we've got.

Tools:

Add itmanagement.earthweb.com to your favorites Add itmanagement.earthweb.com to your browser search box IE 7 | Firefox 2.0 | Firefox 1.5.x Receive news via our XML/RSS feed