Why You Shouldn't Unsubscribe From Spam Emails

18 Jun 2024

Many people don’t realize opting out of spam emails is an easy way to receive more junk mail or even infect a device with malware. Even opening a suspicious message could result in losing security or privacy. What are the risks of unsubscribing?

Why Should You Never Unsubscribe From Spam Emails?

At best, unsubscribing from spam lets the sender know the account is active, prompting them to send more emails or sell the recipient’s contact information on the dark web. At worst, what appears to be an annoying or sketchy message is actually a phishing attempt — meaning clicking anything could infect the device with malware.

As of the beginning of 2024, about 46.8% of global email traffic is junk. Because it’s so prevalent, most people have learned to detect and defend against it, but they can’t catch every suspicious message. If one manages to evade filters and ends up in the inbox instead of the spam folder, it’s up to the recipient to deal with it.

Does the unsubscribe button work on spam emails? Generally, no. In the best case, spammers can simply ignore unsubscribe requests. In the worst case, the unsubscribe button is a malicious link that directs users to a fraudulent website. The site looks legitimate, because scammers recreate real pages to help them trick people, but it is really a medium to infect their device with malware.

These messages are annoying and intrusive on purpose: scammers want users to open and interact with their messages. Around 71% of phishing emails use links, which is what they’d embed in a fake opt-out button. It only takes one misplaced click for an individual to unknowingly infect their computer with malware.

Are Senders Legally Required to Let You Unsubscribe?

In many countries, entities are legally required to let recipients unsubscribe. In the United States, the Controlling the Assault of Non-Solicited Pornography and Marketing Act gives people the right to force senders to stop emailing them. The United Kingdom has a similar law. However, there’s one major catch — phishers and spammers generally don’t care about laws.

Even though regulatory agencies set severe penalties for violations, typically fines or legal action, they are powerless in the face of the dark web. Agencies have no recourse if they can’t figure out spammers’ identities. So, although senders technically are required to let people opt out of future messages, they won’t always follow those rules.

The Risks of Unsubscribing From Spam and Scam Emails

Even attempting to unsubscribe from junk mail can be detrimental to a person’s privacy and security. A spy pixel — a small image file inserted into content — tracks them as soon as they open the message. It is often as small as a 1x1 pixel, making it invisible even if they know what to look for. It can capture information like their IP address or location.

Exploits are another risk. While most people scan incoming messages and block any that would automatically infect their device upon opening, no defense is 100% secure. Bad actors can exploit vulnerabilities to launch zero-click attacks — where the individual doesn’t need to click on a link, button or attachment for the malware to trigger.

While uncommon, exploits can happen. One example is Outlook’s zero-click vulnerability. Researchers realized sending a reminder with a custom notification sound would cause the recipient to retrieve an audio file from any server on the internet instead of a trusted source. By sending another email containing the malicious file from their server, they could execute the code and infect the machine — without any interaction on the recipient’s part.

Even if people can open the email safely, clicking unsubscribe is risky. Phishers can embed malware in the button or direct people to a malicious website. Instead of receiving fewer messages from the sender, they have to deal with ransomware, viruses or spyware — and will likely be bombarded with more spam since they’ve indicated they’re vulnerable to it.

The most basic risk of opting out of receiving junk mail is loss of privacy. Interaction enables scammers to detect IP addresses and other identifying information. If they decide to sell those details to data brokers — or bad actors on the dark web — it could lead to spam calls or account takeover attempts.
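The checks this section describes can be run on a saved message without opening it in a mail client. The following is an added example, not part of the original article: it parses a raw message as text, lists remote images that are 1x1 or hidden (spy pixel candidates), and lists unsubscribe-style links whose host does not match the sender's domain. The sample message, its domains, and the names `Scan` and `inspect_message` are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not real mail); all domains are placeholders.
SAMPLE = """From: Deals <promo@shop.example>
Content-Type: text/html; charset="utf-8"

<html><body><img src="https://shop.example/banner.png" width="600" height="200">
<img src="https://track.example/o.gif?id=abc123" width="1" height="1">
<a href="https://shop.example/sale">Shop now</a>
<a href="http://optout.example/u?id=abc123">Click here to unsubscribe</a></body></html>
"""

class Scan(HTMLParser):
    """Collects remote 1x1 or hidden images and unsubscribe-style links."""
    def __init__(self):
        super().__init__()
        self.pixels, self.links, self.href, self.text = [], [], None, []
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "img" and a.get("src", "").lower().startswith(("http://", "https://")):
            style = a.get("style", "").replace(" ", "").lower()
            tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
            if tiny or "display:none" in style or "visibility:hidden" in style:
                self.pixels.append(a["src"])
        elif tag == "a":
            self.href, self.text = a.get("href", ""), []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            if re.search(r"unsubscribe|opt[ -]?out", "".join(self.text), re.I):
                self.links.append(self.href)
            self.href = None

def inspect_message(raw):
    """Parse one raw message as text only; nothing is fetched or rendered."""
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(msg["From"] or "")[1].rpartition("@")[2].lower()
    body = msg.get_body(preferencelist=("html",))
    scan = Scan()
    scan.feed(body.get_content() if body else "")
    host = lambda u: (urlparse(u).hostname or "").lower()
    off = [u for u in scan.links if host(u) != sender and not host(u).endswith("." + sender)]
    return {"sender_domain": sender, "tracking_pixels": scan.pixels,
            "unsubscribe_links": scan.links, "off_domain_unsubscribe": off}
```

An off-domain unsubscribe link is a signal rather than proof, since legitimate senders often route opt-outs through a third-party mailing service; treat it as a reason to mark the message as spam instead of clicking.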

3 Tips for Reducing Spam Without Unsubscribing

Luckily, there are several ways to reduce spam without unsubscribing:

1. Mark the Email as Spam

Marking an email as junk moves it to the spam folder, which automatically deletes it after a certain period. Additionally, it helps train the filter to block all similar incoming messages in the future. Gmail, Apple Mail and Outlook users can select the message and click the report, junk or trash icon.

2. Block the Sender

Blocking a sender prevents them from sending more messages. It may not always work since phishers and spammers often spoof their addresses or use burner accounts. However, it at least temporarily reduces the frequency of junk mail in people’s inboxes by automatically sending all future messages to their spam folders.

To block someone on Gmail, people must open a message and click on the three vertical dots. Those using Apple Mail must select the message and click on the arrow next to the sender’s name for the option. Outlook users can enter their settings and add the address to the blocked senders list.

3. Create a Second Email

People who have two addresses are more protected against junk mail. They can use the second address when signing up for promotions, filling out surveys or visiting sketchy websites while keeping the other for important notifications like shipping updates, bills and personal messages. This way, most spam goes to the second address instead of to their original inbox.

Is It Better to Block Spam Emails or Just Delete Them?

Generally, it’s better to block junk mail to minimize the chances of any misclick resulting in a malware infection or privacy loss. The sender won’t receive a notification they’ve been blocked, so it doesn’t tip them off to an active account, either. While deleting them is a good idea, preventing unwanted emails is better.