×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

When Does Signing Up Become 'Opting In?'

Soulskill posted more than 2 years ago | from the give-an-inch-and-they-take-a-mile dept.

Spam 151

AmyVernon writes "This piece from RWW got me thinking about whether, when you sign up for access to a site, you're actually signing up to get a slew of email spam from them. The single opt-in is still really popular, which I've noticed because I often check the box indicating I don't want further emails from a company or publisher. I always assume that giving my actual email address means I'm going to get spam-type emails from whomever. It still surprises me that most people don't. But it does raise a good question: Shouldn't you be able to sign up for something without automatically being signed up for a never-ending stream of 'updates?'"

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

151 comments

They now have a vested intrest in not spamming (2)

giorgist (1208992) | more than 2 years ago | (#37451794)

Simply put, if they spam you and you click them as so, then even their legitimate emails will end up in other peoples spam folder.
If they are a little agresive in sending you emails without a easy way to opt out ... SPAM

 

Re:They now have a vested intrest in not spamming (1)

Anonymous Coward | more than 2 years ago | (#37451894)

It quite clearly states "Check this box to add yourself to our Opt-In Exclusion Removal Preference list".

Re:They now have a vested intrest in not spamming (5, Interesting)

Opportunist (166417) | more than 2 years ago | (#37451898)

This is very, very slowly getting through to the managers, though.

I had a boss not too long ago who simply assumed that everyone who ever bought a product wants to get our newsletter. I warned him that we might end up on blacklists, he chose to belittle my being a scaredy-cat and ignore me.

Last I heard is that he's fighting a losing uphill battle to get off the various spam blacklists because NONE of his emails get to their recipients anymore, and he noticed that it's not building trust in a company when you have to phone a possible business partner who has a commercial spam filter to tell him that he has to dig through his spam for your mail.

Re:They now have a vested intrest in not spamming (1)

FireFury03 (653718) | more than 2 years ago | (#37453254)

This is very, very slowly getting through to the managers, though.

I had a boss not too long ago who simply assumed that everyone who ever bought a product wants to get our newsletter. I warned him that we might end up on blacklists, he chose to belittle my being a scaredy-cat and ignore me.

Last I heard is that he's fighting a losing uphill battle to get off the various spam blacklists because NONE of his emails get to their recipients anymore, and he noticed that it's not building trust in a company when you have to phone a possible business partner who has a commercial spam filter to tell him that he has to dig through his spam for your mail.

Unfortunately most businesses seem to realise this is going to be a problem, and rather than not sending spam in the first place, they just ensure it comes from different mail servers and a different domain to their normal operations.

Re:They now have a vested intrest in not spamming (1)

CodeBuster (516420) | more than 2 years ago | (#37453544)

rather than not sending spam in the first place, they just ensure it comes from different mail servers and a different domain to their normal operations.

Even this has long since ceased being effective. Most legitimate hosting companies will cut off violators of their "terms of service" which generally include rules to the effect that sending out unsolicited emails (i.e. spam) from their address ranges is grounds for termination of contract. Look at it from their prospective, if even a few of their clients did this SpamHaus and others would very quickly black ball their entire address range so that all of their customers would see their outbound emails black-holed. The so-called "bullet proof" hosts are generally located overseas and have poor connections and worse reputations; they are also black balled regularly. In fact, many smaller businesses still blacklist all email coming from Asian countries and especially from China and Russia. The only way to reliably send mass email anymore is via botnet and even that is becoming more difficult due to effective counter-attacks on command and control servers and better client side Bayesian filtering. Spam is a losing game these days and only stupid managers send spam or hire spammers to do it for them.

Re:They now have a vested intrest in not spamming (1)

FireFury03 (653718) | more than 2 years ago | (#37453626)

Spam is a losing game these days

My inbox will contest that. I get spam from some pretty reputable UK companies, despite the fact that it is illegal.

These days whenever I hand out an email address I suffix the user-part with the domain name I'm signing up to so I at least know who's responsible for the spamming. I *never* tick the "please send me emails" boxes (and similarly I always tick the "please don't send me emails) boxes. Despite this, I do get a lot of spam from companies I've legitimately handed my address too - my response it always to set up procmail rules to forward the spams directly to the contacts listed in that domain's whois. I have no idea if this ever helps to educate people.. I do know that it resulted Devere adjusting their mail servers to completely block my server rather than removing me from their spam lists (a company I have never had any dealings with, and due to their apparent propensity to buying email lists from other companies and spamming them, they will remain a company I have no dealings with).

Additionally, when complaints are filed with the information commissioner, the result tends to simply be a sternly worded letter. It does seem to me that there is no point in having these laws (and no point in anyone respecting them) when the result of breaking them is nothing more than a slight telling off.

For example, Asda signed me up to their email lists after I bought something on their website, despite me unticking all the boxes saying they could do so. To make matters worse, their unsubscribe system was broken (I had signed up with an email address that had a "+asda" suffix. Their signup system accepted it as a valid email address, but unfortunately their unsubscribe system rejected it as invalid because it had a + in it). I contacted Asda and they ignored my emails, so I made a complaint to the information commissioner. This resulted in them getting a sternly worded letter and they removed me from their lists... but they weren't punished for any of these abuses.

Similarly, a more serious incident (not involving email this time) showed that the information commissioner's office is basically worthless: When I had been shopping around for car insurance quotes, one of the companies I got a quote from illegally sold my details to an ambulance chaser. I got a call from the ambulance chaser who basically repeatedly lied about why they were phoning me up (stating that they were calling from my insurer because they just wanted to clear up some paperwork regarding an accident that happened 2 years ago). Eventually it transpired that they wanted me to make a fraudulent personal injury claim regarding this accident. They refused to tell me where they had acquired my details from. So I complained about them to the information commissioner, who told me they had sent the ambulance chaser a sternly worded letter... They didn't help in figuring out where the data had been acquired from - they told me that I should make a data protection request from the company in writing. I didn't bother because I knew that the chances are that the company wouldn't respond to the request, I would have to complain to the information commissioner again who would send them another "sternly worded letter" and it would basically end up going nowhere... Honestly, what is the point of having these laws if no one is ever punished for breaking them? I'm sure if I broke into someone's house and nicked their telly I wouldn't just get a "sternly worded letter"....

Re:They now have a vested intrest in not spamming (1)

dkf (304284) | more than 2 years ago | (#37453696)

My inbox will contest that. I get spam from some pretty reputable UK companies, despite the fact that it is illegal.

There's two different types of spam. One is commercial email that is sent legitimately but which you don't want, and the other is the stuff that is being sent by the true mass spammers which uses false identities. The former, you can block with your email client just fine because it's not pretending to be anything or by anyone other than the truth. The latter, that merits the use of real anti-spam services (block lists, etc.) While yes, you don't really want either, it's the latter which is a deep problem (the former is just advertising, and has more in common with irritating ads on websites than criminality).

Re:They now have a vested intrest in not spamming (4, Insightful)

FireFury03 (653718) | more than 2 years ago | (#37453800)

There's two different types of spam. One is commercial email that is sent legitimately but which you don't want

I would argue that if they autosubscribed me without asking, or actively ignored the preference I made when I signed up (both of which are illegal in this country) then it is not "sent legitimately". True, they tend not to fake the sender, but they are indistinguishable from spam sent from false identities (at least, not trivially distinguishable), and you therefore can't trust the "unsubscribe" link will actually unsubscribe you rather than harvesting your address (also, would you trust such a link if the sender had previously ignored your preferences anyway?).

In the other hand, in some cases there is a real problem with sending spam. I have in the past dealt with a bank (who I closed my accounts with then they started with this) who took to emailing me with marketing. The emails came from a domain that wasn't identical to their normal domain and instructed me to follow a link to a website which, again, wasn't their normal trading domain. The email told me that I could verify that it was legitimate because it contained some trivial PII (I think it was the first half of my postcode, or something similar... basically something that pretty much anyone could find out). So there are 2 problems here:
1. The bank is teaching people that they can authenticate an email based on some very spoofable details instead of securely signing it using a readily available, standard and widely supported technology such as S/MIME.
2. The bank is teaching their customers that it is ok to follow links in emails to random websites claiming to be their bank but being served from a domain that isn't recognisably the bank's own domain.
Whilst the website in question was purely marketing and didn't ask for any personal details, it strikes me that it was a little too close to what phishing looks like and that teaching the general public that they can expect their bank will communicate in this way is a Bad Thing... A good chunk of the public don't have a good enough grasp of security to consider the difference between this and a phishing mail.

Re:They now have a vested intrest in not spamming (0)

Anonymous Coward | more than 2 years ago | (#37453658)

sadly, it is still very effective.

the separate domains & mailservers are typically hosted and managed by a 3rd party spam enabler (Emailvision, Mailsolution and their ilk) and are therefore outside the offending company's hosting pool & IP range.

furthermore said enablers are also extremely good at having their managed domains un-blacklisted, g-d knows how they do it.

Re:They now have a vested intrest in not spamming (1)

mrfaithful (1212510) | more than 2 years ago | (#37453588)

This is very, very slowly getting through to the managers, though.

I had a boss not too long ago who simply assumed that everyone who ever bought a product wants to get our newsletter. I warned him that we might end up on blacklists, he chose to belittle my being a scaredy-cat and ignore me.

Last I heard is that he's fighting a losing uphill battle to get off the various spam blacklists because NONE of his emails get to their recipients anymore, and he noticed that it's not building trust in a company when you have to phone a possible business partner who has a commercial spam filter to tell him that he has to dig through his spam for your mail.

Unfortunately most businesses seem to realise this is going to be a problem, and rather than not sending spam in the first place, they just ensure it comes from different mail servers and a different domain to their normal operations.

If you are a business you HAVE to. From the start I made my mailing list completely opt-in. That doesn't stop AOL users from using the spam button instead of the prominent link at the top that gracefully removes them from the list. You can't have customers not receiving order confirmations or order updates or have business email blackholed because some webmail users decide they don't want your mail anymore.

Re:They now have a vested intrest in not spamming (4, Insightful)

Kjella (173770) | more than 2 years ago | (#37453622)

If you are a business you HAVE to. From the start I made my mailing list completely opt-in. That doesn't stop AOL users from using the spam button instead of the prominent link at the top that gracefully removes them from the list. You can't have customers not receiving order confirmations or order updates or have business email blackholed because some webmail users decide they don't want your mail anymore.

Blame that on all the asshats sending spam who take a link to opt out as a confirmation that your email address is live and proceed to sell it to ten more spam lists. Simple people need simple rules so the rule became to always click the spam button and never any opt out link. To fix this you'd have to fix the email system so we can tell the real opt-ins from the linkbait.

Re:They now have a vested intrest in not spamming (0)

Anonymous Coward | more than 2 years ago | (#37452324)

And more than that, the current state of social media makes it so that ventures who excessively spam will be blackballed faster than they can get off the ground. I think that's the one area where social media really is giving a leg up for the masses. The ability to brand an entity as useless, troll, or spam faster than it can grow. It's kind of like anti-trojan.

Re:They now have a vested intrest in not spamming (-1)

Anonymous Coward | more than 2 years ago | (#37453978)

Simply put, if they spam you and you click them as so, then even their legitimate emails will end up in other peoples spam folder.
If they are a little agresive in sending you emails without a easy way to opt out ... SPAM

You agreed to get the emails, they are therefore NOT spam so quit using that button, asshole.

The article poses the question of "Shouldn't you be able to sign up for something without automatically being signed up for a never-ending stream of 'updates?'"
Which is just another way of saying "I want to sign up for a service but don't like the conditions they require. Shouldn't I be able to force them to let me join anyhow? The answer to which is "NO".

Don't like the emails, don't sign up for the service. End Of Story.

(Or if you're not a complete fucking retard, figure out how to setup a second email to give out to all those mail-happy companies.)

Re:They now have a vested intrest in not spamming (1)

Attila Dimedici (1036002) | more than 2 years ago | (#37454496)

Absolutely, if a site I want to visit requires me to give it my email address in order to look at its content and does not give me the option to choose not to recieve emails from them (and they are not a site I want to receive emails from), if I get emails from them, I click on the spam link. On the other hand, unlike many people I work very hard to remember that I intentionally asked a company, or organization, to send me email before I click spam. If I chose to receive email from a company and realize that they are sending me more email than I want to receive from them I will clik on the unsubscribe link in the email. The one exception to my rule about using the unsubscribe feature for emails I signed up for on purpose are emails from companies that offer a discount for giving them my email address.

Meh (2)

Mashiki (184564) | more than 2 years ago | (#37451798)

In Canada unless it's clearly defined it's a privacy violation to do so. It's also a privacy violation in Germany, and I believe California. Signing up != A business relationship. So marketers take heed. Just because you can do something, and haven't been sued yet. Doesn't mean you won't. It just means that people can't afford to do so, or they don't care enough right now.

Re:Meh (1)

msobkow (48369) | more than 2 years ago | (#37452628)

I've never had a problem with any websites spamming me if I remember to opt-out. It's annoying that they default to opt-in when you're entering your info, but even if you forget to opt-out they usually make it easy to correct the problem (though it may take a day or two for the server to catch up.)

I'm actually having the direct opposite problem right now -- I can't get the freeswitch.org list servers to accept my home account as well as my work account. I think the server is seeing the same name and skipping the second registration.

Re:Meh (1)

dwillden (521345) | more than 2 years ago | (#37453030)

Which is the my current big complaint. You initially choose to get their email, or forget to opt-out, it only takes an instant at sign up to get the email rolling in, but choose to unsubscribe and you get taken to a page that says "Sure we'll unsubscribe you, no problem, it'll take three or four business days to do so." WHY?

Why when it only takes a single click to start the spam flowing does it take three days to get it to stop? Especially since we all know there is no human intervention needed to stop it. IT should be instantaneous. But no they somehow think if they keep sending it for a few more days you'll somehow change your mind about wanting their crap?

So now as soon as I've unsubscribed, any additional emails from that sender get sent to the spam filter.

Re:Meh (1)

bornie (166046) | more than 2 years ago | (#37453070)

Three days? That is fast!
I once was told that it would take three weeks for me to be unsubscribed, with a few mails each week. If I had known that I would be spammed so much I would have shopped at another site.

And I hate being forced to log on to unsubscribe! It should be possible with only a link in the mail.

In Germany? Bah, try Tropico 4 ... (0)

Anonymous Coward | more than 2 years ago | (#37452954)

Tropico 4 [wikimedia.org] is a game published by german Kalypso Media [wikimedia.org] and requires you to a) register with an email at kalypsomedia.com and b) log in with those credentials every time you want to play. There is no option to NOT receive their "updates" (you cannot opt-out later either!) and other spam mails and they do not reply to questions regarding this issue ... If it's a privacy violation in Germany, apparently most culprits get away with it.

Re:Meh (0)

Anonymous Coward | more than 2 years ago | (#37453330)

That seems to be the case in all of EU as well. The law is basically that you have to *explicitly* allow your email to be used for marketing purposes, newsletters, etc. There are a few exceptions, like emails required to complete a business transaction (delivery problems etc). The same law applies to junk faxes and text messages. There have been some considerable fines, at least here in Denmark.

Re:Meh (-1)

Anonymous Coward | more than 2 years ago | (#37454106)

Signing up != A business relationship.

And the law in the US disagrees with you, as do most rational, sane people. You are signing up for a service, one of the conditions of the service is to either receive the email or take a very minor action to opt out of it. Now you're bitching about the conditions. Instead of blackballing the entire server that company happens to use, which generally also serves other customers, either stop using their services or figure out how to deal with the junk mail.

Yes, you should. (1)

cmv1087 (2426970) | more than 2 years ago | (#37451800)

But it won't happen, at least not anytime soon. They make too much money right now.

You really should also be able to explicitly tell them not to sell your personal information to other companies and have them actually follow through with not doing that, but it doesn't look like that will actually happen anytime soon either despite the victories won by privacy advocates. Too many people just don't care as long as they're not being physically inconvenienced.

Protip (1)

Anonymous Coward | more than 2 years ago | (#37451850)

Sign up using a throwaway account that is name-related to the site you are signing up to. That way you will always know who are the ones that send you spam, or sell your address to spammers.

Re:Protip (1)

lintux (125434) | more than 2 years ago | (#37451918)

A special e-mail account for every account I create? So whenever I create an account, I create two? :-)

I'm using a catch-all domain for this. Works pretty well too.

Re:Protip (1)

rtfa-troll (1340807) | more than 2 years ago | (#37452826)

Try spamgourmet [spamgourmet.com] . It's really neat because the act of signing up can automatically create the email address for you. After that you get to know for sure exactly which services sell on your email address. I've been surprised (I only found two so far; they weren't ones I expected; it seemed to be due to a security problem).

The advantage over a catch-all domain is that it has all sorts of mail handling features like auto-expiring the address if they start to spam; re-instating the address if it turns out they are sending useful info; allowing email to an address only from an address etc. etc.

Re:Protip (1)

HTH NE1 (675604) | more than 2 years ago | (#37453468)

A catch-all is fine if your domain isn't attractive to spammers to use for their outgoing mail. I had to convert one of my two domains away from being a catch-all because of a certain movie being released with the same name became attractive to spammers. I don't even accept e-mail via a webmaster account for the site anymore. At peak volume, my ISP actually disabled my procmail spam filter because it was using too much CPU on their system, replacing my .procmailrc file with a copy with permissions against my editing or removing it.

I've found most businesses I deal with don't spam or distribute my e-mail address. The only exceptions so far has been one company who had their product cease-and-desisted (and apparently sold their e-mail list to recoup their legal costs, which led to spam for similar software, and eventually to multiple attempted botnet infections per day), a political e-mail list that not only did not honor unsubscribe requests but also data-mined a new address for me when I closed the original address I'd given them (at a caucus at which I barely participated), and a rebate fulfillment company that not only provided the alternate address to the political mailing list (directly or indirectly) but also never fulfilled my rebate. Those three usernames now come up as undeliverable.

So yeah: software with legal troubles, political groups, and rebate services are three things not to give your e-mail address.

Yet other, more reputable companies will also try to acquire e-mail addresses through recovery services if you opt out of giving them an address. I had unsolicited e-mails from two businesses I'd done business with previously arrive on the same day, both to addresses I had not given them. Neither one has continued, but only one apologized.

Re:Protip (1)

xelah (176252) | more than 2 years ago | (#37453894)

A catch-all is fine if your domain isn't attractive to spammers to use for their outgoing mail.

I've found that once spammers start forging your domain and those forged e-mails start turning up in people's inboxes, other spammers then pick those sender addresses out of those inboxes and use them as targets for spam. Argh!

Re:special e-mail account (1)

TaoPhoenix (980487) | more than 2 years ago | (#37453500)

I just use a special email account for all businesses that I expect TurboMails from.

In a way it's so simple it's easy - it's easy to remember when you're on the spot signing up for stuff, and you know there's nothing "important" there. So you just let them all fight it out.

"You have 1422 new mails!"

So what? They're all corralled in the email-box resembling Montana. Radio Shack, Groupon and more.

Re:Protip (1)

nospam007 (722110) | more than 2 years ago | (#37452442)

Just use mailinator.com to sign up.

Just enter whateveryouwant@mailinator.com and go check the sign-in confirmation at mailinator.com and you're done.
No need to create a special mail address first or to use a spam-me address where you'll have to wade through hundreds of spam emails to find the right sign-in one.

Re:Protip (1)

wagnerrp (1305589) | more than 2 years ago | (#37452640)

I've started proactively blocking mailinator.com, and any other domain I find that forwards their MX to them, on a wiki I administer. For every one legitimate user signing up, I have fifty more who are just generating spam accounts. Considering one sixth of all users ever make a single edit, and one twentieth make five or more, anyone who's going to stick around and become a meaningful contributor is likely to be willing to give a real address.

Re:Protip (1)

nospam007 (722110) | more than 2 years ago | (#37453238)

"anyone who's going to stick around and become a meaningful contributor is likely to be willing to give a real address."

A 'real' address? You mean they create an alias that they delete after having signed up?
That's what I do for the few sites who block mailinator com and their associates.

Re:Protip (0)

Anonymous Coward | more than 2 years ago | (#37452852)

Correct!

Whenever I sign up to something online, e.g.: uber-shopping.com, I always use an e-mail address containing their domain name (e.g.: uber-shopping.com@mydomain.com). Not only does this allow stuff to be rule filtered when it comes in, it can be /dev/nulled easily if compromised by spam and shows you which companies share their mailing lists... or just have really crappy security.

You've also been able to do something like this with Gmail for a few years now, so if you don't have your own domain name you can register username+ubershopping@gmail.com to get similar benefits (smart spammers will obviously just use the username).

Re:Protip (3, Informative)

Demonoid-Penguin (1669014) | more than 2 years ago | (#37453056)

Sign up using a throwaway account that is name-related to the site you are signing up to. That way you will always know who are the ones that send you spam, or sell your address to spammers.

gmail accounts don't care about dots in your email user name - which makes it easy to tell who leaks your email address to spammers. Eg. sign up to gmail and dickhead@gmail.com - then sign up to slashdot as dick.head@gmail.com. All spam addressed to dick.head@gmail.com came via slashdot. NOTE: slashdot doesn't sell email addresses - but I certainly caught companies doing using this technique.

Re:Protip (2)

AliasMarlowe (1042386) | more than 2 years ago | (#37453382)

Eg. sign up to gmail and dickhead@gmail.com - then sign up to slashdot as dick.head@gmail.com. All spam addressed to dick.head@gmail.com came via slashdot.

Richard Head probably didn't want his gmail address spewed around, you inconsiderate clod!

Re:Protip (1)

Kjella (173770) | more than 2 years ago | (#37453666)

The problem with this approach is that once you get spammed you'll continue to get spammed (getting off spam lists is impossible once you're on one of the bottom feeding v!4gr4 lists), unless you set up special block rules. I like yahoo's throwaway addresses, you can have up to 500. If I get spammed, I chew out the ones who spread it then delete the address. It's a very simple and very final solution, only wish I'd used it earlier because my email already has a degree of spam from the "old days", plus various stupid people that cc 100 people at a time so it gets spread far and wide.

Disposable address (1)

Orgasmatron (8103) | more than 2 years ago | (#37451854)

Assume that every email address you give out is going to get spam, so use different ones in different places.

When the inevitable spam starts, make the decision. Do you believe that this entity is likely to respect unsubscribe requests? If so, hit unsubscribe. If not, forward to /dev/null.

The practice is so damn common now, that no matter how much it pisses you off, you have to understand that the other guy has no idea that you think he is a worthless scumbag. You really can't buy from anyone online without them assuming that you want to hear about their specials every week until the end of time.

Oh, and an added bonus: if their customer database ever gets leaked, you only need to ditch the one throwaway address and update your info with just the one site.

There are other variations too, for example I have two main work email addresses. One is the one I use and give out, the other is on the website. As far as I can tell, the one on the website has never ever been legitimately used. 100% of email to that address is spam. Because of the nature of my job, I give people quite a bit of leeway when it comes to harvesting that address and adding it to their spam lists. But if I recognize the source, like if they send more than one email every few weeks, that entire domain/spam service goes in the permanent block list.

Re:Disposable address (1)

afidel (530433) | more than 2 years ago | (#37451974)

I do this to some extent, I use the name+company@gmail.com trick to sign up when their form will allow it, otherwise I make a blanket assumption that they are going to spam me (since their developers can't read an RFC) and give them my spam catcher account which I only ever check when I'm expecting a response from a web form =)

Re:Disposable address (1)

mrclisdue (1321513) | more than 2 years ago | (#37452060)

+1 to this.

I tell everyone with a gmail to do this with every single account they create; this enables them to determine who's invading their email space....

cheers

Re:Disposable address (1)

whoever57 (658626) | more than 2 years ago | (#37452144)

I use the name+company@gmail.com trick to sign up when their form will allow it,

I use this also, but far too many websites won't accept it. I run my own email domain, so if I want to sign up, I just create a <me>_<company>@<my domain> alias.

I even came across a website that would not accept a "." at the end of the domain part of an email address, which is surely valid.

Re:Disposable address (1)

shentino (1139071) | more than 2 years ago | (#37452264)

Sadly I've seen web forms get wise to this thing and reject that syntax.

Spammers are getting smarter.

Re:Disposable address (1)

geekboybt (866398) | more than 2 years ago | (#37452508)

You know, I hear of this solution constantly. If I were a spammer (and I can assure you I am not) that's constantly tweaking my messages to go through Bayesian filters, why would I not run my address list through something that removed "+something" from the mailbox portion of the address? Seems like the easiest trick in the book, especially when you've lifted the addresses from a database without permission.

Re:Disposable address (0)

Anonymous Coward | more than 2 years ago | (#37453392)

People don't necessarily know this trick from the moment they sign up, so any spam they've been getting from back then will already be going to name@gmail.com.

Now, imagine that someone actually WANT your newsletters. They've have signed up to receive them at the whitelisted address name+yourcompany@gmail.com, and you just stripped away the whitelist keyword, and went into the same folder as the spam they've been receiving for years.

Re:Disposable address (1)

Barefoot Monkey (1657313) | more than 2 years ago | (#37453674)

I do this to some extent, I use the name+company@gmail.com trick to sign up when their form will allow it, otherwise I make a blanket assumption that they are going to spam me (since their developers can't read an RFC) and give them my spam catcher account which I only ever check when I'm expecting a response from a web form =)

The problem with that trick is that your regular email address (name@gmail.com) is revealed. Spammers will just ignore everything after the +. You can make it more effective by taking into account the fact that gmail lets you put dots almost anywhere in your name. For example, register my.name@gmail.com and use it for communicating with your friends but never use it for signing up to websites - when you do that put the dot somewhere else (myn.ame@gmail.com, for example). Then create a filter that blocks everything except my.name@gmail.com and myn.ame@gmail.com to catch out sites that try to strip the dots. If you're willing to put in the effort you can use then more filters on myn.ame@gmail.com based on plus-addresses and senders.

Re:Disposable address (1)

Burdell (228580) | more than 2 years ago | (#37452140)

It also allows you to see who sold your email and/or who has been compromised. I have a personal domain for email, and I use a different address for just about everything (and they're usually pretty unique, so not found by address harvesting). I am now getting a lot of spam at the address I gave to Linux Journal; since they went online-only and I cancelled my subscription, I killed that address.

I also had a year of free credit monitoring with one of the "big three" credit agencies (due to somebody else's database compromise), and now (shortly after the year passed and I didn't agree to pay for continuing monitoring) that address is getting spam. Either they sold it, or their database has been compromised. Either way, it gives me SUCH a good feeling about their reliability!

Re:Disposable address (0)

Anonymous Coward | more than 2 years ago | (#37452476)

Mailinator has a firefox plugin. :) just my suggestion.

Spamgourmet.com - disposable addresses (1)

MCRocker (461060) | more than 2 years ago | (#37452554)

I use spamgourmet.com [spamgourmet.com] for disposable email addresses.

Among other things, spamgourmet lets you set the number of messages that can be sent, so it can be useful for things like placing an order where you need to register, get an email with a link to validate your email address and then get an order confirmation and a few tracking status emails, but then stop accepting anything after that.

It doesn't catch as many bad actors as I thought it would, but when they do misbehave, it's kind of cool to see the number of deleted messages that never filled my inbox.

They also have it set up so that it you can reply to messages routed through spamgourmet without giving away your real email address. There's also an alternate domain so that when you're dealing with an actual human being they won't be freaked out by an email address that has the work "spam" in it.

Re:Spamgourmet.com - disposable addresses (1)

wagnerrp (1305589) | more than 2 years ago | (#37452662)

Sadly, these disposable addresses are used far more by spambots than by legitimate users attempting to avoid spam.

Re:Spamgourmet.com - disposable addresses (1)

rtfa-troll (1340807) | more than 2 years ago | (#37452854)

I think Spamgourmet is pretty determined in blocking this. Do you have an examples? Have you reported this to them? (or their forum?)

Re:Spamgourmet.com - disposable addresses (1)

wagnerrp (1305589) | more than 2 years ago | (#37452992)

Looks like I need to retract that one. None of the handful of users signed up through spamgourmet have been banned due to spam, of course none of them have made more than a single minor edit either. The real culprits are things like mailinator or mytrashmail, and I had added spamgourmet to the list after skimming the list of email domains and assuming them to be set up the same.

Re:Disposable address (0)

Anonymous Coward | more than 2 years ago | (#37453028)

Try mailinator.com too, you can have as many disposable addresses as you want there. It is so easy to use too, every email address at one of their dozens of fake domains is a legitimate email. Of course anyone can access any mailbox, but you wouldn't use it for anything sensitive anyways.

Re:Disposable address (1)

scsirob (246572) | more than 2 years ago | (#37453278)

I have a domain that I use to receive email on. The main email box does not get used at all for incoming our outgoing mail, ever.
When I need to sign up to a website (eg www.somesite.com) then I create an alias somesite@mydomain.com and forward it to my regular inbox. I always opt out of newsletters and other stuff. If I ever get spam addressed to somesite@mydomain.com, I know that somesite does not respect my opt out, has been hacked, or their database has been abused. That's the last time I did business with somesite, and the alias disappears.

Re:Disposable address (0)

Anonymous Coward | more than 2 years ago | (#37454078)

... until someone decides to send your nice cosmetic-looking email that you never give away an e-card, or worse, joins linkedin.

Spam is why they want your email address. (1)

Macdude (23507) | more than 2 years ago | (#37451886)

They are only asking for your email address so that they can sell it to spammers and spam you themselves.

Use http://www.mailinator.com/ [mailinator.com] and thwart their evil plans...

Re:Spam is why they want your email address. (1)

Fnord666 (889225) | more than 2 years ago | (#37452176)

I use mailinator if I think I will need to contact a company down the road. If they want my address just so I can view a post in a forum or download a file, I use Ten Minute Mail [10minutemail.com] . The email address lasts just long enough to receive a confirmation email and hit the confirmation link. After ten minutes it goes poof. Ten minute mail also rotates their domain regularly so they tend to stay in front of the sites that may block mailinator addresses.

Re:Spam is why they want your email address. (1)

Mr. Underbridge (666784) | more than 2 years ago | (#37452596)

Well, a number of reputable sites also use email to authenticate users, provide a means of recovering lost passwords, and to avoid the dance where users try to find a valid username.

And to spam.

hotcopper.com.au disables your account (0)

Anonymous Coward | more than 2 years ago | (#37451900)

With hotcopper.com.au (Australian trading forum) you have to opt-in to spam, if you opt out they actually disable your account!

Re:hotcopper.com.au disables your account (0)

Anonymous Coward | more than 2 years ago | (#37452802)

Sounds like a perfectly reasonable business practice to me.

If they make money to pay for the service you're using by spamming you and its illegal send unsolicited spam (I assume aussie has those laws) then why should they waste resources on you for nothing in return?

Author's never heard of SPAM? (0)

Anonymous Coward | more than 2 years ago | (#37451996)

Of course your consent must be specifically given to receive advertising emails otherwise it's called spam and yes there are laws against it. The author and the entire article aren't aware of the definition of spam. Registering on a website does not automatically give the owners of that site permission to email you in any way other than policy changes that might affect your data on their server. It's been that way for quite a long time. Originally I believe guestbooks were the reason why some companies started doing that. Since then we've instituted laws against having companies abuse the data users give them.

This article seems like it belongs in the 1990's not 2010's.

Article and post define "sign up" very differently (1)

TimTucker (982832) | more than 2 years ago | (#37452498)

The original posting talks about "signing up" in the general context of creating an account on a site.

The article, however, seems pretty clear in talking about "signing" up to receive emails. (And very clearly puts forward that "no option == spam")

Looking at the two modes of failure for a user receiving emails you can have:
- False positives: user starts receiving email, but doesn't want it
- False negatives: user doesn't get any email, but does want it

The main debate in the original article boils down to:
- Single opt-in results in fewer false negatives, but more false positives
- Double opt-in results in fewer false positives, but more false negatives

At which point the question is one of whether it's better to optimize for fewer false positives or fewer false negatives.

In the context of the original article, if someone is signing up to receive emails, both of the following situations will lead to the original user not receiving the emails that they requested:
- If they misspell their address and the email goes to someone else
- If they enter a different address purposefully and it goes to someone else

For the user signing up for messages, the opt-in message isn't something they specifically wanted -- it's a barrier that prevents them from getting what they wanted (as such, a double opt-in request could be seen as a false positive). For someone whose email was entered in a form by someone else, any message they receive may be seen as a false positive (including a double opt-in request).

never give them your main email (1)

Ralph Spoilsport (673134) | more than 2 years ago | (#37452014)

If it's so important that you want it, then it's good enough for your "spam email" address. I've had one for years - works like magic.

Example: my real email could be (but isn't) RalphSpoilsportMotors@gmail.com. My SPAM email could be (but isn't) RalphsSpambucket@Gmail.com.

They get their email address, I get their content sans bullshit and every one is happy.

Now, how hard is THAT?

RS

Re:never give them your main email (1)

Anonymous Coward | more than 2 years ago | (#37452094)

An alternative I use (if you don't mind spending a couple bucks a year) is to own a domain. It doesn't need to be hosted anywhere, and it can be whatever you want. (Bonus points for being able to sign up at forums/sites that won't allow free email accounts!)

Sign up for Google Apps (free) and follow the simple steps to get your domain set up for email. Make your real email address that you only give out to real people, then make one called "catchall@yourdomain.com" - or anything you like, really. Now, in the email settings, you can have that email (catchall) receive *ANY* emails that aren't sent to a legitimate address on your domain.

So if I sign up for say, Slashdot, my email I use to sign up is slashdot192@mydomain.com. Any email they sends me goes to catchall@mydomain.com, and by looking at the 'to' header, I can figure out who has been selling my email address. :) It's pretty incriminating when spam emails come in addressed to "shoprite158@mydomain.com", or "autozone563@mydomain.com'. (I use the number on the end to make sure some bot isn't just randomly sending out emails to common possibly names at any domains in the registrar)

Re:never give them your main email (1)

llzackll (68018) | more than 2 years ago | (#37452206)

I do that, but now realize it's pretty much pointless since I don't use e-mail for any personal correspondence anyways, unless it's my work e-mail. Do people still actually use e-mail outside of work ?

Re:never give them your main email (1)

Serious Callers Only (1022605) | more than 2 years ago | (#37453076)

I do that, but now realize it's pretty much pointless since I don't use e-mail for any personal correspondence anyways, unless it's my work e-mail. Do people still actually use e-mail outside of work ?

Yes, most of the world still uses email. Out of curiosity, what do you use instead?

not a 100% solution (1)

Sunshinerat (1114191) | more than 2 years ago | (#37452380)

The problem is that this does not work for everything.
I fly every week and therefore I receive every week three emails asking me to rate how pleasant the service was from my airline, car rental firm and the travel agent.
Eventhough, I am loyal to these companies, everytime I delete such an email (yes, I do not respond to these quality questionnaires), I hate them a little more...

So a spammebadly@gmail.com will not help me, I need my confirmation emails from these companies.

And yes, a rule in my email client will do the trick, I just do not work that way...

Use a disposable address (1)

aardvarkjoe (156801) | more than 2 years ago | (#37452018)

I use http://mytrashmail.com/ [mytrashmail.com] whenever I need to sign up for anything. Use it finish the e-mail validation that these sites make you do, and then forget about it.

I really wish that Google would build something like that into GMail -- something that would let you create a disposable address that is forwarded to your real address, but then can be easily blocked once you start getting spammed. (No, the "+" addresses doesn't cut it, since it reveals your real address to anyone who cares.)

Re:Use a disposable address (1)

dominique_cimafranca (978645) | more than 2 years ago | (#37452092)

Gmail strips out the "." in email addresses so, for instance, "beetlebailey@gmail.com" and "beetle.bailey@gmail.com" are effectively the same. One advice I heard from before is to give out something like "beetlebail.ey@gmail.com" for signups. Once that becomes compromised, you can automatically filter all messages to that address to trash or spam.

Re:Use a disposable address (1)

lakeland (218447) | more than 2 years ago | (#37452510)

That's much the same as the + trick - there are too many people that know it for it to really hide your email address.

Re:Use a disposable address (1)

1u3hr (530656) | more than 2 years ago | (#37452814)

give out something like "beetlebail.ey@gmail.com" for signups. Once that becomes compromised, you can automatically filter all messages to that address to trash or spam.

And the linkspammers use that too to evade blocks on their accounts.

I admin a forum and review signups. Any that use the dot trick I bin, after checking a few dozen and finding 100% were blacklisted addresses.

Sign up anyway (1)

fluxburn (1278932) | more than 2 years ago | (#37452022)

Spammers are different then companies. They they are in the grey, I typically signup those emails with yahoo or gmail, adding them to the spam list, hurts credibility or you can list them as spam? Typically if they are legitimate they have some way to remove you from email lists, if not...

No (0)

Anonymous Coward | more than 2 years ago | (#37452050)

Shouldn't you be able to sign up for something without automatically being signed up for a never-ending stream of 'updates?'"

Short Answer: NO. Ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha.!!!!!!

It gets worse with a mistakable email address (1)

MattW (97290) | more than 2 years ago | (#37452058)

And if you happen to have a first-initial-last-name type email address at a popular provider, then you get potentially dozens of other peoples' single-opt-in spam. Over 50% of the email I get is addressed to someone other than me. Painful.

No Problem.. (1)

no-body (127863) | more than 2 years ago | (#37452192)

Own mail server with Postfix + 1 email address per vendor && if they send UCE or SPAM, report to SpamCop && disable their email address.
 
No need to deal with creating extra accounts on Gmail or Spammotel.

Script:

vi + /etc/postfix/virtual # dup last line and edit email address

postmap /etc/postfix/virtual

postfix reload

Use aliases to track them (1)

Vrtigo1 (1303147) | more than 2 years ago | (#37452220)

Whenever I sign up for some random site that I'll never visit again, I use an e-mail alias so I can track what they send me, who they're selling my e-mail address to, or who hacked them and stole my information. It's simple enough, just set up a catch-all e-mail address on a domain, then when you sign up for www.uselesssite.com, use the e-mail address uselesssite.com@yourdomain.com. If you start getting a bunch of spam to that address, it's pretty hard for them to refute that they're the cause of it.

Stunning (0, Troll)

kiwimate (458274) | more than 2 years ago | (#37452382)

(Slashdot, some random story about spam) Blah blah blah paragon of virtue morals everyone should do what's right holier than thou...

(Slashdot, some random story about copyright infringement) whine anger pout serves them right greedy thieving fascists yeah it's wrong but *&^% those &^%*# I'll keep on downloading stuff I haven't bought until the day I die (justify blindly, etc....)

Re:Stunning (2)

Jah-Wren Ryel (80510) | more than 2 years ago | (#37453346)

(Slashdot, some random story about spam) Blah blah blah paragon of virtue morals everyone should do what's right holier than thou...

(Slashdot, some random story about copyright infringement) whine anger pout serves them right greedy thieving fascists yeah it's wrong but *&^% those &^%*# I'll keep on downloading stuff I haven't bought until the day I die (justify blindly, etc....)

(Slashdot, some random poster complaining that slashdot users don't all share the same world-view)

(Slashdot, some random poster complaining that his own personal world-view is the only valid world-view, and implying that anyone who doesn't conform is a hypocrite)

Isn't that kind of the agreement? (1)

aiken_d (127097) | more than 2 years ago | (#37452386)

I mean, as long as they are up front about what they'll do with your email address, aren't you essentially agreeing to that in exchange for the service they offer?

This smacks of the old days when people used TV antennas to get "free" TV, and then complained about commercials. If the service isn't worth the unwanted communications, don't use it. But they're under no obligation to give you what you want, on your terms, and subject to your every whim.

Now, places that are dishonest or deceptive about the contract, that's a problem. But most larger businesses are pretty straightforward, and as an adult (right?) it's up to you to make the decision of whether it's worth it.

As a marketer... (2)

lwsimon (724555) | more than 2 years ago | (#37452392)

Single opt-ins suck. Why would you ever want to subject your list that that much "spam" notations? No one wants to see your promotions if they've not signed up for them. If you're running the business right, people will want to open your emails because they provide value.

I use double opt-ins for my online listbuilding, and am very explicit that the user will receive solicitations. I use single opt-in in the real world only, such as when I run a contest dropbox to collect email address to win a prize. Physically writing your email on a scrap of paper is good enough verification for me.

Re:As a marketer... (0)

Anonymous Coward | more than 2 years ago | (#37453376)

I use single opt-in in the real world only, such as when I run a contest dropbox to collect email address to win a prize. Physically writing your email on a scrap of paper is good enough verification for me.

I never use my own email-address when signing up for newsletters in the real world. I use my co-worker's. It's great fun to hear him swear when he receives a new newsletter...

Re:As a marketer... (0)

Anonymous Coward | more than 2 years ago | (#37454492)

Physically writing your email on a scrap of paper is good enough verification for me.

Beautiful - could you send some messages to these spamtraps, please? scribble scribble scribble

jackass.

never give out your real e-mail address (1)

frovingslosh (582462) | more than 2 years ago | (#37452406)

Not associated with the site in any way except as a long time user, but I urge people to set up an account with spamgourmet.com. They will forward your e-mail to your real e-mail address. Not only can you create a unique address for everyone that you have to give an e-mail address to on the fly, but you can disable any of the addresses at any time and you can tell who is abusing your e-mail address. For example, I just checked with spamgourmet and I see that the last 3 pieces of junk mail they discarded were from suxjhb@wzju.com, suidvv@frkm.com and suundq@xcfk.com. More interestingly, the spam was all sent to an e-mail address that I created for and only gave to Equifax. So I know that they are responsible for it, they either sold my address outright or were sloppy about security and had it stolen by an employee or hacker.

I've even had close friends who's accounts were hacked and spammers tried to send out spam to all of their contacts. In such cases you will be glad to know that the person in Nigeria has the address of an account that you can easily disable without completely changing your e-mail account for all of your contacts.

And I should mention that I've never received junk mail from Spamgourmet and to my knowledge I've never had any problems with them revealing the address that they forward to. They even provide a nice mechanism that allows you to "reply" to email sent through them, and the response goes back to them and is sent from their domain, so you don't reveal your true address even if you reply.

Another disconnect between managers and IT people (1)

acidradio (659704) | more than 2 years ago | (#37452494)

This just shows how disconnected the MBAs are from the people who really have to implement it or deal with it. Only managers think that it is good practice to bombard paying customers with crap that they don't really want. It sure looks good on paper or in a Powerpoint, right? Could help get that extra 3% market share!

Re:Another disconnect between managers and IT peop (2)

pspahn (1175617) | more than 2 years ago | (#37452730)

Well duh. They define the entire business model on the idea that each user in their database is worth $x. If they reach a certain amount of users, they will make x amount of money. That disconnection between IT and Management is a two way street.

Some managers don't get it (4, Interesting)

msobkow (48369) | more than 2 years ago | (#37452656)

I worked for a company that had a manager who insisted on sending out a newsletter to everyone in the company customer database. We warned him that was illegal. We warned him that would be spamming.

He refused to listen and ordered the email sent.

The entire company was blocked from sending emails less than 24 hours later.

You should have seen him rant and rave about the importance of getting the emal "fixed." His manager found out about the "newsletter", and fired him on the spot.

Re:Some managers don't get it (2)

Kjella (173770) | more than 2 years ago | (#37453634)

His manager found out about the "newsletter", and fired him on the spot.

At least there's one good manager in this story, he's even the boss of the bad manager. It could be worse...

Re:Some managers don't get it (1)

justleavealonemmmkay (1207142) | more than 2 years ago | (#37453926)

In the military there are provisions against executing illegal orders; how come the operators DID send the mail ? weren't there provisions against this ? How was did Eichmann defense stand ?

Re:Some managers don't get it (0)

Anonymous Coward | more than 2 years ago | (#37454008)

Why didn't you just tape him, and report him to the local police?

well (0)

Anonymous Coward | more than 2 years ago | (#37453270)

It's not so bad if they have a button to say don't get these anymore and it just works.

If I have to enter ANYTHING in after doing this, like logging in or a survey or something retarded like that, they are just blocked.

Easy if you have your own domain... (1)

aaaurgh (455697) | more than 2 years ago | (#37453286)

Each and every site I sign up to gets a unique e-mail address and all my mail goes through both my gmail account and isp filtering.

While I prefer to have the choice to opt out at sign up (and have that choice respected), this method means I can simply update or remove just one e-mail address and stop the problem should a site not respect my wishes.

Adds a tiny admin. overhead to each sign-up but is worth it

pidgin? (0)

migloo (671559) | more than 2 years ago | (#37453498)

"When Does Signing Up Becoming 'Opting In?"

Please translate the title in english.
Thank you.

Disposable addresses (1)

xenobyte (446878) | more than 2 years ago | (#37453560)

This is the way to go.

Several people have already told the virtues of this, which I won't repeat. I do add a little twist because I run my own spamtrap and DNS RBL which I update whenever one of the addresses yields unsolicited newsletters and similar spam. Then that company 's mailservers are blacklisted more or less forever. Basically it works like this:

Each address on the disposable list initially is an alias of my real email address.
If one gets compromised, it is switched to being an alias of the spamtrap instead and every mailserver delivering mail to the spamtrap gets immidiately blacklisted, no matter what.

Mails to the spamtrap bypasses the RBL checks, but mails to regular addresses are checked against my own RBL and a few more, and is refused upfront if listed. The result is close to zero spam. Before this, I got 10-20 spam each day that made it past the regular RBLs and spamassassin.

tro7l (-1)

Anonymous Coward | more than 2 years ago | (#37453586)

= 36440 FreeBSD = 1400 NetBSD And Juliet 40,000 everyH day...Like

Negative Agreement (1)

Z00L00K (682162) | more than 2 years ago | (#37453694)

The way to automatically agree to things and you have to opt out may in some countries be illegal.

This is dying out (slowly, but surely) (0)

Anonymous Coward | more than 2 years ago | (#37453728)

The new startup culture, focuses entirely on user experience, to the point where most innovation being done today is not strictly tech, but UX. Part of UX is to, at all times, strive to provide the user with only exactly what they want. Nothing more, nothing less. This means, you only email or dm the user when they asked you a question, or when something they have asked for is ready. Anything beyond this is spam, and if you send it, you will lose users.

This was not the case 5 years ago, but it is slowly but surely taking hold

Legit businesses aren't the problem (0)

Anonymous Coward | more than 2 years ago | (#37453814)

I don't get spam from companies I've done business with. I couldn't tell you which ones I remembered to opt-out from and which ones I didn't. I can't remember a time when I had to opt-out after the fact because I was getting spammed.

OTOH, my spam folder is full of ads from companies I've never done business with. Guthy-Renker for some line of cosmetics – I'm a guy. Singles Black Dating – I'm white. Speed Dating – I'm married. Get Cash for my Timeshare – I've never owned a timeshare. Etc. Every one of them has their weasel word disclaimer that says I'm getting their spam because I opted in. Really? That's news to me.

And now, you can be sure, I will never do business with them under any circumstances, not that I was ever likely to be a customer in the first place.

10 minute mail (0)

Anonymous Coward | more than 2 years ago | (#37453886)

>> Shouldn't you be able to sign up for something without automatically being signed up for a never-ending stream of 'updates?
That's why http://10minutemail.com/ was invented.

On the other side of the big pond (0)

Anonymous Coward | more than 2 years ago | (#37454136)

The Dutch law requires opt-in. The "send me spam" option can't be checked by default, the user must manually check this before sending the form. This means that without a specific user action, you won't receive any spam. Make this a global law, et voila.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...