Images Research Events Premium Services Media Kit Network Map E-mail Offers Vendor Solutions Webcasts
Search EarthWeb Network

CA Management Solution for
Multi-Service Operators
Event Correlation and Root Cause Analysis
Perform event correlation, impact analysis and root cause analysis across networks, systems and applications.

Continental Airlines Improves Voice Messaging with eHealth

Technology Integration Directions: Network and Systems Management
Optimize the availability and performance of the technical environments that support business operations.

eHealth Solution at UMass Optimizes Resources and Assures Quality of Voice Services

Management Solution for MSOs
Find out how Multi-Service Operators can deliver new bundled services ahead of competition.

Be a Commerce Partner
Online Education
Home Equity Loans
2007 New Cars
Promotional Pen Items
Truck Advertising
Compare Prices
KVM over IP
Promotional Hats
Corporate Gifts
Budget Web Hosting
Conference Services
Merchant Accounts
Domain registration

PC Notebooks
IT Management : Columns : Executive Tech: Corporations Have an Unsubscribe Problem

Symantec Data Management Solutions
Whitepaper: The Benefit of Continuous Data Protection
Data volume continues to grow at nearly 40% to 50% each year, making back up of mission critical data very difficult. For any organization looking to manage data growth, improve reliability, and speed data recovery, continuous data protection provides the avenue to address the challenges in a method that will improve overall data protection without weighing down IT with costly solutions.
Register Now to Download.
Whitepaper: Breaking Through the Dissimilar Hardware Restore Challenge
This paper discusses recovery to virtual computer environments, hardware migration strategies, hardware repurposing for optimal resource utilization, meeting recovery time objectives, and increasing disaster tolerance.
Register Now to Download.
Whitepaper: Converging System and Data Protection
From resilience against threats to efficient restoration of normal operations, Symantec can help keep your business up, running, and growing—no matter what happens.
Register Now to Download.
Webcast: Symantec Brings Disk-based Data Protection and Advanced System Recovery Together
Symantec Backup Exec™ and Symantec LiveState Recovery™ allow rapid and easy backup and recovery of virtually any Windows data and Windows system.
Join us for an informative Webcast to learn how to:
  • Create backups and restore to specific system recovery points
  • Maintain data availability and minimize server downtime
  • Eliminate backup windows, improving increased system reliability
  • Dramatically minimize downtime by rapidly recovering entire systems to dissimilar hardware platforms or even to virtual environments
Register Now to Watch.

Related Articles
How to Know When Unsubscribing Isn't Safe
More Ways to Protect Your E-Mail
Do Panasonic's Batteries Really Beat Energizer's?
Carry a USB Drive in Your Wallet
- ITSMWatch Newsletter -
IT Focus
Wireless in the Enterprise

Wireless technology continues to make great inroads into networks. But IT pros still must contend with a number of issues such as security, access and integration.

Ready? Set. Go!

Mobile Workers Never Looked So Thin

The Incredible Hidden Wireless Connection

Product Watch
FibeAir - Wireless Connectivity For Campuses, Providers
InfiniPath - Linux Cluster Interconnect for MPI Applications
Elemental Security Platform - Agent Based Host Security Policy Compliance and Management
FeedBuster - RSS Reader
EMC Celerra - IP Storage in Integrated or Gateway Configurations

more products >>

Datamation Definitions
data mining
grid computing
network appliance
FREE Tech Newsletters

Whitepaper: Sun StorEdge 5210/5310 NAS Appliance Storage Consolidation and Web Serving. Implement & consolidate storage in a web serving environment, maximizing storage & administrative resources.

Corporations Have an Unsubscribe Problem
February 7, 2006
By Brian Livingston

Brian Livingston Can you trust a major corporation to keep your e-mail address out of spammers' hands after you fill out the company's unsubscribe form?

Not always, according to a service that tracks what happens when addresses are submitted to unsubscribe mechanisms on the Web.

I wrote last week that a service called Lashback LLC has tested some 170,000 different "remove me" procedures that it's found on the Internet. This small antispam firm says it's already caught some big fish in its net.

Riches from Nigeria

Brandon Phillips, the president and CEO of Lashback, says one of the worst unsubscribe problems he's seen relates to the site of Gevalia Kaffe, a subsidiary of Kraft Foods.

According to an "unsubscribe abuse report" posted at the Lashback site, the service unsubscribed from Gevalia's gourmet-coffee promotions using a unique, never-before-seen e-mail address on Oct. 25, 2005. In the overwhelming majority of the thousands of unsub forms Lashback has tested, the request works and no more e-mail is received.

On Jan. 20, 2006, however, Lashback began receiving spam messages to its virgin address. The first one came from "Barrister Mark":

"I am MARK EDMUND (Esq.) a Solicitor. I am the Personal Attorney to Mr. Fredrick Lauderdale, a national of your country, who is an oil merchant in Nigeria. On the 21st of April 2001, my client, his wife and their two children were involved in a car accident along Sagbama Express Road Balyasa State, here in Nigeria. All occupants of the vehicle unfortunately lost their lives. Since then I have made several inquiries to locate any of my clients extended relatives, this has proving unsuccessful."

The message went on to offer the recipient -- which was just a made-up e-mail address, as you recall -- a share of the estate, worth "USD$12 MILLION." For some reason, the attorney proposed to keep 60 percent for himself, assigning only 40 percent for the next of kin and the payment of taxes. Some steep attorney's fees they have in Nigeria.

This message is obviously fraudulent, and the other messages that arrived weren't much better. Lashback's test e-mail address has received more than two dozen spam messages since the problem began, according to documentation Phillips sent me.

A spokesman for Kraft Foods, Larry Baumann, told me in a telephone interview, "Gevalia and Kraft have a zero-tolerance policy for spam. We have very strict policies in place, both internally and with our vendors, that govern our e-mail communications with consumers.

"We have a password-protected, secure site where we post our suppression list," Baumann continued. "That list is updated daily, and our affiliates are required to upload the file."

How Unsub Addresses Get to Spammers

When Lashback finds an unsubscribe mechanism that results in the submitted e-mail addresses receiving spam, is it because the operators of the unsub forms sold the addresses to spammers? Not necessarily.

There's no way to say for sure what happened in Gevalia's case. But one clue can be found at the bottom of one promotional message for the company's products: "This message was sent to you by a trusted affiliate."

Many companies pay commissions on sales made by affiliates who send promotions to their various e-mail lists. Under the CAN-SPAM Act, which went into effect in the U.S. in January 2004, companies that promote their products via bulk e-mail must honor unsubscribe requests. These companies are also required to make every subsidiary or agent stop sending e-mail to the people who said, "Remove me."

Many corporations, therefore, maintain lists of e-mail addresses that have requested cancellation. If these lists are provided to affiliates so they can remove the names from their e-mailings, it takes only one dishonest affiliate to sell the entire list to spammers.

E-mail addresses of these so-called suppression lists could be very attractive to spam marketers. When an address is submitted to an untrustworthy unsubscribe form, it proves that:

1. The e-mail address is valid;

2. Someone reads e-mails sent to that address; and

3. The recipient is comfortable enough with the Internet to correctly enter data into a Web form.

These are the minimum qualifications needed to place an order for something that spammers might want to advertise.

Keeping Suppression Lists Private

This kind of problem with unsubscribe lists is exactly why the U.S. Federal Trade Commission recommended in 2004 that Congress not create a "do-not-email" registry. Unfortunately, the fact that the suppression lists required by the CAN-SPAM Act get into the hands of spammers is just one of the negative side-effects of that poorly drafted legislation.

In a telephone interview, Lashback's Phillips says companies that provide suppression lists to affiliates should, at a minimum, seed the lists with unique, "decoy" addresses so privacy violators can be identified.

Although this could get a dishonest affiliate banned, it wouldn't help the people whose addresses were turned over to spammers. A better solution, Phillips says, is for companies to contract with go-between services that can "scrub" the lists of affiliates. That way, the addresses on the unsubscribe list never get into outsiders' hands. The leading third-party scrubbing service is UnsubCentral, an offshoot of e-mail service provider Skylist.

Despite the bad apples, Lashback's methodical testing of unsubscribe mechanisms shows that about 92.5 percent of them are trustworthy and don't lead to more spam.

To find out whether a particular unsub form can be trusted or not, enter the domain name of the particular site into Lashback's free lookup form:

If a newsletter comes from a legitimate publisher, you should always use its unsubscribe mechanism. But you should never enter an address into unsub forms that are friendly to spammers.

Fortunately, with Lashback's new lookup tool, it's now easy to tell the difference.

Brian Livingston is the editor of and the coauthor of "Windows Me Secrets" and nine other books. Send story ideas to him via his contact page. To subscribe free and receive Executive Tech via e-mail, visit our signup page.

Executive Tech Archives

JupiterWeb networks:

Search JupiterWeb:

Jupitermedia Corporation has three divisions:

Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.

Jupitermedia Corporate Info | Newsletters | Tech Jobs | E-mail Offers