How to Know When Unsubscribing Isn't Safe
January 31, 2006
By Brian Livingston

E-mail newsletters like mine -- the ones that are sent by legitimate publishers, anyway -- proudly proclaim, "You can unsubscribe at any time!"

But how do you know that for sure? What if unsubscribing from an e-mail newsletter actually prompted the publisher to sell your e-mail address to spammers, who then sent you more spam?

Now there's an easy way to know in advance whether it's safe to subscribe to or unsubscribe from an e-mail list. Best of all, it's free. And I'll bet that the details of some innocent-looking unsubscribe forms that are not safe to use will shock you.

Unsubscribing Used to be So Easy

Once upon a time, if an unsubscribe form on a Web site existed at all, it was pretty safe to submit your e-mail address to it. Unfortunately, spammers got sneakier and things went downhill from there:

Ah, the good old days. Back in 2002, the U.S. Federal Trade Commission selected, at random, 200 spam messages that contained some kind of "unsubscribe" e-mail address or Web form. Out of the few such addresses and Web pages that existed at all, the FTC found in a study that the "vast majority" did absolutely nothing. The opt-out procedures were mentioned in the spam messages solely to make them look legit.

Unsubscribe forms start to get tricky. Now fast-forward to 2003. A small company named Lashback LLC starts methodically testing every unsubscribe method it can find in e-mail newsletters and Web pages. To do this, the company's computers make up never-before-used e-mail addresses and enter them into unsubscribe mechanisms. If one of these unique addresses begins to receive spam (other than an initial opt-out confirmation), it means the operator of the mechanism is really a spammer or is selling the submitted addresses to spammers. When I first wrote about this in October 2004, Lashback president and CEO Brandon Phillips told me that only 1.7 percent of the 27,719 unsubscribe mechanisms he'd tested led to spam.

Opt-out becomes a profit center. The latest figures show a sharp increase in "remove me" links that deviously send you more spam. As of January 2006, 7.5% of the tested unsubscribe mechanisms result in the submitted e-mail addresses receiving spam, according to Phillips. Many of these sites are undoubtedly selling the names to generate revenue.

Worst of all, some sites that operate "global removal services" actually charge consumers money to be "removed from all spam lists." Then they sell the names to spammers! According to Spamhaus.org, a respected antispam service based in the U.K., a few of these services offer their "do-not-email lists" for free, but others charge gullible Internet users $5 to $22.

No one can get your address off spammers' lists, so don't fall for this. A list of sites that exhibit this behavior is maintained at Spamhaus's Spam Unsubscribe Services page.

Lashback -- Don't Unsubscribe Without It

Finally, there is now a way ordinary people -- as well as information technology professionals -- can determine whether an unsubscribe form is in reality a front for spammers, before entering an e-mail address.

The same procedure that Lashback uses to catch crooked unsubscribe forms can also verify that other opt-out Web pages are free of problems. Lashback has just made both the "devil" and "angel" lists available to the public for the first time.

The scope of Lashback's probes is vast, so I believe most unsubscribe mechanisms in the English-speaking world are being tested. The company currently monitors about 1.3 million different Internet Protocol addresses that send e-mail containing some type of unsubscribe wording, Phillips says. Those messages, in turn, point to about 170,000 different opt-out mechanisms. Of those, 12,825 (7.54%) show evidence of generating spam to e-mail addresses that are submitted, Phillips calculates.

How to Use Lashback's Unsubscribe Ratings

Lashback publicly provides two free databases that you can check for what the company calls "suppression list abuse" (turning unsub addresses over to spammers).

The first is a list of IP addresses that have a recent history of sending spam to people who've requested, "Remove me." If you receive something questionable, use your e-mail program to look in the message's header section for the sender's IP address (e.g., 255.255.255.255). Then enter this into the box on the following Web page:

www.lashback.com/register/UnsubsafeLookup.aspx

An alternate form of this database is also made available by Lashback for online querying. This allows IT admins to program their mail servers to check the list in real time before the server accepts e-mail from a particular IP address. For more information, see Lashback's Unsubscribe Blacklist page.
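The header lookup and the real-time server check described above, sketched as an added example (not code from Lashback or from this column). It assumes the online list is queried the way a conventional DNS blocklist is, which the article does not state; the zone `ubl.example.invalid`, the host names and the sample message are constructed placeholders.

```python
import email
import ipaddress
import re
import socket

ZONE = "ubl.example.invalid"   # placeholder zone, not Lashback's real one

# Constructed sample message (documentation address ranges, not real senders).
RAW = """\
Received: from mail.sender.example (mail.sender.example [203.0.113.45])
    by mx.recipient.example with ESMTP id abc123; Tue, 31 Jan 2006 10:00:02 -0500
Received: from workstation (unknown [192.0.2.10])
    by mail.sender.example with SMTP; Tue, 31 Jan 2006 10:00:00 -0500
From: News <news@sender.example>
Subject: Weekly deals

To unsubscribe, click here.
"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def connecting_ip(raw_message, my_mx):
    """Return the IP recorded by our own server; other Received lines can be forged."""
    msg = email.message_from_string(raw_message)
    for received in msg.get_all("Received", []):      # newest hop first
        flat = " ".join(received.split())             # unfold continuation lines
        peer, sep, rest = flat.partition(" by ")
        m = BRACKETED_IP.search(peer)
        if sep and rest.split()[0] == my_mx and m:
            return str(ipaddress.ip_address(m.group(1)))  # ValueError if malformed
    return None

def dnsbl_query_name(ip, zone):
    """Reverse the octets and append the zone (DNS blocklist convention, RFC 5782)."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone

def is_listed(ip, zone, resolve=socket.gethostbyname):
    """Listed if the name resolves to a 127.x answer; NXDOMAIN means not listed."""
    try:
        answer = resolve(dnsbl_query_name(ip, zone))
    except socket.gaierror:
        return False
    return answer.startswith("127.")

def fake_resolve(name):
    """Offline stand-in for DNS that lists only the constructed sample address."""
    if name == "45.113.0.203." + ZONE:
        return "127.0.0.2"
    raise socket.gaierror("NXDOMAIN")
```

Pass the name of your own receiving server as `my_mx`, so the address comes from the one `Received` line that the sender could not have written.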

The second database is a list of Web pages bearing unsubscribe forms that result in spam being sent to addresses that are submitted. Before you enter your e-mail address into such a form, type the domain name of the page, such as example.com, into the box on this page:

www.lashback.com/UnsubsafeSearch.aspx

After you enter a domain name, this page will usually respond that "Lashback has no record of unsubscribe abuse for this domain" (which is good) or "Lashback has recorded abuse for the following unsubscribe mechanisms" (followed by a list of sites where you should never use the "unsubscribe" form).

Lashback returns any domain names that end in the character string you type in. If you enter example.com, for instance, the form might return reports on www.example.com, server1.example.com, mail.example.com, and other subdomains of the main Web site. This allows you to catch untrustworthy operators, no matter which subdomain they might host an unsubscribe form on. (There's no rule that a Web address must begin with www.)

This wild-card matching behavior can produce some provocative results. If you enter apple.com into the lookup box, Lashback reports problems with the domain names rampage.virtual-apple.com and www.ittasteslikeapple.com. These sites have absolutely nothing to do with Apple Computer, the maker of the iPod. Only if you see the exact string apple.com in the results should you suspect a problem with the unsubscribe mechanism at the Apple Computer site.
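To sort such results automatically, compare on DNS label boundaries rather than on the trailing string. The following is an added example, not part of the Lashback service; `host_of` and `split_results` are hypothetical helper names, and it assumes result entries may be bare host names or full URLs.

```python
from urllib.parse import urlsplit

def host_of(entry):
    """Accept a bare host name or a full URL; return the lower-cased host."""
    entry = entry.strip()
    parts = urlsplit(entry if "//" in entry else "//" + entry)
    return (parts.hostname or "").rstrip(".")     # drop a trailing root dot

def split_results(query, results):
    """Separate hosts that belong to `query` from hosts that merely end with it.

    A host belongs to the queried domain only if it equals it or ends with
    "." + domain, so the match falls on a label boundary.
    """
    q = host_of(query)
    related, lookalike = [], []
    for entry in results:
        host = host_of(entry)
        if host == q or host.endswith("." + q):
            related.append(host)
        elif host.endswith(q):                    # trailing-string match only
            lookalike.append(host)
    return related, lookalike

# Constructed result list: the first three follow the article's example.com
# illustration, the last two are made-up lookalikes.
SAMPLE = [
    "www.example.com",
    "mail.example.com",
    "http://Server1.Example.com:8080/unsub",
    "notexample.com",
    "www.my-example.com",
]

# The two names the article reports for a search on apple.com.
APPLE = ["rampage.virtual-apple.com", "www.ittasteslikeapple.com"]
```

Run against `APPLE` with the query `apple.com`, both names land in the lookalike list and nothing is attributed to the queried domain.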

This free lookup service represents a fantastic benefit to all e-mail users. Lashback, however, only began to offer the free domain-name lookup a couple of days ago. It's received absolutely no publicity. As of yesterday, there wasn't even a link to the lookup form on the company's home page yet. You're reading about it here first.

Guess Who's Letting Their Unsub Addresses Get Out

Lashback makes money by selling "unsubscribe monitoring" to legitimate companies that send e-mail. For $195.95 per month and up, depending on the number of unsubscribe mechanisms that must be monitored, Lashback regularly tests its clients' routines and reports to them on any that fail. This kind of monitoring is more important than ever since the United States' so-called CAN-SPAM Act in 2004 made it a crime for e-mail senders to ignore opt-out requests.

It appears to me that there are a lot of corporations that could use Lashback's monitoring efforts. The testing of unsubscribe mechanisms across the Internet, Phillips says, has revealed that some very big brand names allow e-mail addresses submitted to their unsubscribe forms to get into the hands of spammers.

I'll report next week on who some of those big companies are.

Brian Livingston is the editor of WindowsSecrets.com and the coauthor of "Windows Me Secrets" and nine other books. Send story ideas to him via his contact page. To subscribe free and receive Executive Tech via e-mail, visit our signup page.

