>On 2015-07-09 16:58 +0000, David Jones wrote: >> Did the email have a valid unsubscribe link/process?
>It is in Dutch, and I can't read Dutch. >(Yes, I do use the language plugin.) >> I shortcircuit as ham for these two rule hits and never have had a >> report of spam that couldn't be reliably/safely unsubscribed from. (I >> filter about 90,000 mailboxes.) >How can I tell if it is safe if I can't even read the message? Unfortunately this is not easy and takes years of doing mail support before you can tell. Here's what I have found over the years: First. Hover over the link and make sure it's going to take you where you think it should or where they claim they are going to take you. Characteristics of legit unsubscribe links: 1. They use a GUID (unique identifier) in the URL and not your email address. 2. The unsubscribe form shows you your email address (or partial email address for security). Make sure your email address is not in the link (#1) since this will mean they have a database that ties the GUID back to your email address. Characteristics of a bad unsubscribe process: 1. They require you to reply with a specific subject. 2. They make you type in your complete email address. This could be harvesting or validating your email address for more spam to be sent your way. >But in general, to me it is spam if I didn't explicitly subscribe. And >I didn't. There is difference between spam and UCE (unsolicited commercial email). Everyone may define these a little differently but I classify what you got as UCE. Spam, to me, is malicious like viruses, malware, phishing, etc. Spam tends to come from untrusted mail servers with some coming from normally trusted mail servers that had an account compromised. These tend to become listed on RBLs fairly quickly so the majority can be handled with a good RBL setup in the MTA. UCE tends to be more trusted mail servers that want to send you marketing crap to get you to buy something. These trusted mail servers should be allowed through as long as they have a reliable unsubscribe process. This puts the control back in the recipient's hands/mouse since some may want it and others may not. Email addresses are bought and sold all of the time and make their way onto legit sending platforms and servers by unscrupulous senders. You shouldn't penalize legit senders that follow the rules (i.e. constantcontact.com, mailchimp.com, etc.) and provide legitimate unsubscribe methods. Just unsubscribe from the trustworthy senders usually in whitelists like Return Path and others. If they start abusing things, most of the good ones will have an abuse reporting system so look in the headers and report the abuse so they can crack down on their bad customers.
