Marsha from MI asks:
If an email looks legitimate and has a disclaimer at the bottom that says this email is CAN-SPAM compliant, is it safe to click on the “unsubscribe here” link?
It’s difficult to imagine a time when the word “Spam” triggered only thoughts of ham colored luncheon meat packed into a cost effective brick shaped can. Now, say the word “Spam” and you’re much more likely to think of the never ending stream of porn, pill, and get rich quick scam e-mails which flood our inboxes 24 hours a day, 7 days a week. So problematic has the issue of unsolicited e-mail become that the United States Federal Trade Commission created the CAN-SPAM Act. An acronym for “Controlling the Assault of Non-Solicited Pornography and Marketing,” CAN-SPAM sets forth a variety of guidelines for businesses to follow when sending out e-mail communications to current and prospective customers with the intention of eliminating Spam e-mail messages originating from commercial entities. Summarized, these guidelines aim to ensure commercial e-mails:
Include company relevant information such as a valid physical postal address.
Ensure advertisements sent on the behalf of a company by a third party fully comply with the law.
Clearly identify the message as being an advertisement.
Do not use false, mis-leading, or deceptive “From” or “To” information or subject lines.
Include, enable, and honor a mechanism to opt out from future e-mail advertisements from the represented company.
Properly adhered to, these guidelines are a great addition to both businesses and their customers; as these mechanisms provide an additional layer of trust between both parties, thereby giving customers further incentive to shop again with the business in question. However, as with many well intentioned systems, opportunities abound for major abuses of the CAN-SPAM guidelines . . .
The biggest problem with CAN-SPAM ironically lies in the most useful part of the guidelines: the “opt out mechanism.” Commonly represented by an “Unsubscribe” link prompting you to click if you wish to opt-out from future commercial communications, this link can be easily exploited by unscrupulous characters to wreak havoc on an unsuspecting users’ computer through cloaked links leading to phishing scams, virus laden files, scareware sites, and other varieties of malware infection. Lower level spammers could also use the link as a way to confirm the validity of an e-mail address to be spammed with more junk mail in the future or, less nefariously, use the link to re-direct you to a legitimate product or service in hopes of collecting affiliate commission revenue from any purchases you make.
So, how can you defend yourself against spam emails with possibly fake CAN-SPAM “Unsubscribe” links? Simple, treat even those emails which contain a CAN-SPAM disclaimer just as you would any other piece of suspicious email by following one or more of these options:
Option 1. Verify the Senders’ address – Set your email program to show both the “From” and “Reply To:” addresses when reading email. A legitimate e-mail should show an address which you trust in both fields. If one is different from another, you may want to email the IT department of the sender to verify the emails legitimacy.
Option 2. Before clicking “Unsubscribe,” check the link – In many email programs, hovering over a link displays the website location it points to. Compare this address to the address in the “From” field from Step 1. If the two do not reasonably match up (i.e. the “From” address is firstname.lastname@example.org, but the unsubscribe links takes you to paaypally.oh.no/abcd1234/xxd.exe) delete and ignore the message immediately.
Option 3. Make sure your antivirus and anti malware programs are up to date – Comodo Anti Virus, Norton, McAfee, AVG, etc. have many options to prevent your machine from being taken over by malicious software, particularly those that attempt a stealthy install via booby trapped emails or websites.
Option 4. Turn on your Filters – If everything looks legitimate, but something just doesn’t seem right, set up your email program or service to put emails of this type into a folder to be further investigated at a later time, or simply deleted form your inbox altogether. If you don’t see it, you can’t click it, and you won’t need to worry about it infecting your machine.
Option 5. Visit the official company website – If the email claims to be from a legitimate company with which you have had business dealings with before, visit their official website and look for a method to unsubscribe from any future mailings. Most legitimate companies will provide this option to its customers who have signed up with them online via a user account control panel or similar interface. If you cannot find such an option, consider emailing their technical support staff directly for instructions.
As you can see, if you too wish to can spam from your inbox, you may be better off ignoring CAN-SPAM altogether!