Forgot your password?
typodupeerror
Spam IT

When Does Signing Up Become 'Opting In?' 151

Posted by Soulskill
from the give-an-inch-and-they-take-a-mile dept.
AmyVernon writes "This piece from RWW got me thinking about whether, when you sign up for access to a site, you're actually signing up to get a slew of email spam from them. The single opt-in is still really popular, which I've noticed because I often check the box indicating I don't want further emails from a company or publisher. I always assume that giving my actual email address means I'm going to get spam-type emails from whomever. It still surprises me that most people don't. But it does raise a good question: Shouldn't you be able to sign up for something without automatically being signed up for a never-ending stream of 'updates?'"
This discussion has been archived. No new comments can be posted.

When Does Signing Up Become 'Opting In?'

Comments Filter:
  • by giorgist (1208992) on Monday September 19, 2011 @10:05PM (#37451794)
    Simply put, if they spam you and you click them as so, then even their legitimate emails will end up in other peoples spam folder.
    If they are a little agresive in sending you emails without a easy way to opt out ... SPAM

     
    • by Anonymous Coward

      It quite clearly states "Check this box to add yourself to our Opt-In Exclusion Removal Preference list".

    • by Opportunist (166417) on Monday September 19, 2011 @10:25PM (#37451898)

      This is very, very slowly getting through to the managers, though.

      I had a boss not too long ago who simply assumed that everyone who ever bought a product wants to get our newsletter. I warned him that we might end up on blacklists, he chose to belittle my being a scaredy-cat and ignore me.

      Last I heard is that he's fighting a losing uphill battle to get off the various spam blacklists because NONE of his emails get to their recipients anymore, and he noticed that it's not building trust in a company when you have to phone a possible business partner who has a commercial spam filter to tell him that he has to dig through his spam for your mail.

      • This is very, very slowly getting through to the managers, though.

        I had a boss not too long ago who simply assumed that everyone who ever bought a product wants to get our newsletter. I warned him that we might end up on blacklists, he chose to belittle my being a scaredy-cat and ignore me.

        Last I heard is that he's fighting a losing uphill battle to get off the various spam blacklists because NONE of his emails get to their recipients anymore, and he noticed that it's not building trust in a company when you have to phone a possible business partner who has a commercial spam filter to tell him that he has to dig through his spam for your mail.

        Unfortunately most businesses seem to realise this is going to be a problem, and rather than not sending spam in the first place, they just ensure it comes from different mail servers and a different domain to their normal operations.

        • rather than not sending spam in the first place, they just ensure it comes from different mail servers and a different domain to their normal operations.

          Even this has long since ceased being effective. Most legitimate hosting companies will cut off violators of their "terms of service" which generally include rules to the effect that sending out unsolicited emails (i.e. spam) from their address ranges is grounds for termination of contract. Look at it from their prospective, if even a few of their clients did this SpamHaus and others would very quickly black ball their entire address range so that all of their customers would see their outbound emails black

          • Spam is a losing game these days

            My inbox will contest that. I get spam from some pretty reputable UK companies, despite the fact that it is illegal.

            These days whenever I hand out an email address I suffix the user-part with the domain name I'm signing up to so I at least know who's responsible for the spamming. I *never* tick the "please send me emails" boxes (and similarly I always tick the "please don't send me emails) boxes. Despite this, I do get a lot of spam from companies I've legitimately handed my address too - my response it

            • by dkf (304284)

              My inbox will contest that. I get spam from some pretty reputable UK companies, despite the fact that it is illegal.

              There's two different types of spam. One is commercial email that is sent legitimately but which you don't want, and the other is the stuff that is being sent by the true mass spammers which uses false identities. The former, you can block with your email client just fine because it's not pretending to be anything or by anyone other than the truth. The latter, that merits the use of real anti-spam services (block lists, etc.) While yes, you don't really want either, it's the latter which is a deep problem (

              • by FireFury03 (653718) <slashdot@nexusuk . o rg> on Tuesday September 20, 2011 @05:27AM (#37453800) Homepage

                There's two different types of spam. One is commercial email that is sent legitimately but which you don't want

                I would argue that if they autosubscribed me without asking, or actively ignored the preference I made when I signed up (both of which are illegal in this country) then it is not "sent legitimately". True, they tend not to fake the sender, but they are indistinguishable from spam sent from false identities (at least, not trivially distinguishable), and you therefore can't trust the "unsubscribe" link will actually unsubscribe you rather than harvesting your address (also, would you trust such a link if the sender had previously ignored your preferences anyway?).

                In the other hand, in some cases there is a real problem with sending spam. I have in the past dealt with a bank (who I closed my accounts with then they started with this) who took to emailing me with marketing. The emails came from a domain that wasn't identical to their normal domain and instructed me to follow a link to a website which, again, wasn't their normal trading domain. The email told me that I could verify that it was legitimate because it contained some trivial PII (I think it was the first half of my postcode, or something similar... basically something that pretty much anyone could find out). So there are 2 problems here:
                1. The bank is teaching people that they can authenticate an email based on some very spoofable details instead of securely signing it using a readily available, standard and widely supported technology such as S/MIME.
                2. The bank is teaching their customers that it is ok to follow links in emails to random websites claiming to be their bank but being served from a domain that isn't recognisably the bank's own domain.
                Whilst the website in question was purely marketing and didn't ask for any personal details, it strikes me that it was a little too close to what phishing looks like and that teaching the general public that they can expect their bank will communicate in this way is a Bad Thing... A good chunk of the public don't have a good enough grasp of security to consider the difference between this and a phishing mail.

                • It's sad, but since I run my own mailserver every login, every website, every promo, get their own e-mail address.
                  [website|promo|domain].[salt]@myhost.com
                  If I don't like their e-mail I blackhole their address. If I like (or need for a while) their e-mail I FWD that to my real e-mail address.
                  -nB

          • by tlhIngan (30335)

            Spam is a losing game these days and only stupid managers send spam or hire spammers to do it for them.

            Spamming is a losing game for the goods/service being spammed. But a great service for those doing the spamming. I think I got an email awhile back advertising such services, and 32,000,000 European inboxes were available for $200 or so. The spammer gets his $200, fires off 32M emails, and who cares if even 100% of it is blocked - he's been paid.

            Also, most companies have a third party manage their mailing

        • This is very, very slowly getting through to the managers, though.

          I had a boss not too long ago who simply assumed that everyone who ever bought a product wants to get our newsletter. I warned him that we might end up on blacklists, he chose to belittle my being a scaredy-cat and ignore me.

          Last I heard is that he's fighting a losing uphill battle to get off the various spam blacklists because NONE of his emails get to their recipients anymore, and he noticed that it's not building trust in a company when you have to phone a possible business partner who has a commercial spam filter to tell him that he has to dig through his spam for your mail.

          Unfortunately most businesses seem to realise this is going to be a problem, and rather than not sending spam in the first place, they just ensure it comes from different mail servers and a different domain to their normal operations.

          If you are a business you HAVE to. From the start I made my mailing list completely opt-in. That doesn't stop AOL users from using the spam button instead of the prominent link at the top that gracefully removes them from the list. You can't have customers not receiving order confirmations or order updates or have business email blackholed because some webmail users decide they don't want your mail anymore.

          • by Kjella (173770) on Tuesday September 20, 2011 @04:33AM (#37453622) Homepage

            If you are a business you HAVE to. From the start I made my mailing list completely opt-in. That doesn't stop AOL users from using the spam button instead of the prominent link at the top that gracefully removes them from the list. You can't have customers not receiving order confirmations or order updates or have business email blackholed because some webmail users decide they don't want your mail anymore.

            Blame that on all the asshats sending spam who take a link to opt out as a confirmation that your email address is live and proceed to sell it to ten more spam lists. Simple people need simple rules so the rule became to always click the spam button and never any opt out link. To fix this you'd have to fix the email system so we can tell the real opt-ins from the linkbait.

    • Absolutely, if a site I want to visit requires me to give it my email address in order to look at its content and does not give me the option to choose not to recieve emails from them (and they are not a site I want to receive emails from), if I get emails from them, I click on the spam link. On the other hand, unlike many people I work very hard to remember that I intentionally asked a company, or organization, to send me email before I click spam. If I chose to receive email from a company and realize tha
  • by Mashiki (184564) <mashiki@@@gmail...com> on Monday September 19, 2011 @10:07PM (#37451798) Homepage

    In Canada unless it's clearly defined it's a privacy violation to do so. It's also a privacy violation in Germany, and I believe California. Signing up != A business relationship. So marketers take heed. Just because you can do something, and haven't been sued yet. Doesn't mean you won't. It just means that people can't afford to do so, or they don't care enough right now.

    • by msobkow (48369)

      I've never had a problem with any websites spamming me if I remember to opt-out. It's annoying that they default to opt-in when you're entering your info, but even if you forget to opt-out they usually make it easy to correct the problem (though it may take a day or two for the server to catch up.)

      I'm actually having the direct opposite problem right now -- I can't get the freeswitch.org list servers to accept my home account as well as my work account. I think the server is seeing the same name and sk

      • by dwillden (521345)
        Which is the my current big complaint. You initially choose to get their email, or forget to opt-out, it only takes an instant at sign up to get the email rolling in, but choose to unsubscribe and you get taken to a page that says "Sure we'll unsubscribe you, no problem, it'll take three or four business days to do so." WHY?

        Why when it only takes a single click to start the spam flowing does it take three days to get it to stop? Especially since we all know there is no human intervention needed to sto
        • by bornie (166046)

          Three days? That is fast!
          I once was told that it would take three weeks for me to be unsubscribed, with a few mails each week. If I had known that I would be spammed so much I would have shopped at another site.

          And I hate being forced to log on to unsubscribe! It should be possible with only a link in the mail.

          • by Quirkz (1206400)
            I got on Stonewall Kitchen's mailing list once when I ordered a gift for my mom. They started sending me emails about every three days. I tried repeatedly to unsubscribe, and the page kept saying the unsubscribe was confirmed, but I kept getting email. After about two months (and three tries with their contact us form, the first two never got replied to) I got someone who said, "Oh, sorry, our unsubscribe page is broken. I've taken you off the list."

            I can't really imagine a situation where they'd leave a
            • I can't really imagine a situation where they'd leave a broken page up for two months without a) fixing it, or b) changing the message to at least say "sorry, this doesn't work right now" unless it was intentional. It's a shame, too, because I like their stuff, but their combination of aggressive and sleazy marketing methods is not something I want to support.

              Come work in the real world, where if it is not visibly broken and a manager doesn't make it a priority, it won't get fixed. And if you do put it
  • But it won't happen, at least not anytime soon. They make too much money right now.

    You really should also be able to explicitly tell them not to sell your personal information to other companies and have them actually follow through with not doing that, but it doesn't look like that will actually happen anytime soon either despite the victories won by privacy advocates. Too many people just don't care as long as they're not being physically inconvenienced.

  • by Anonymous Coward

    Sign up using a throwaway account that is name-related to the site you are signing up to. That way you will always know who are the ones that send you spam, or sell your address to spammers.

    • by lintux (125434)

      A special e-mail account for every account I create? So whenever I create an account, I create two? :-)

      I'm using a catch-all domain for this. Works pretty well too.

      • Try spamgourmet [spamgourmet.com]. It's really neat because the act of signing up can automatically create the email address for you. After that you get to know for sure exactly which services sell on your email address. I've been surprised (I only found two so far; they weren't ones I expected; it seemed to be due to a security problem).

        The advantage over a catch-all domain is that it has all sorts of mail handling features like auto-expiring the address if they start to spam; re-instating the address if it turns out t

      • by HTH NE1 (675604)

        A catch-all is fine if your domain isn't attractive to spammers to use for their outgoing mail. I had to convert one of my two domains away from being a catch-all because of a certain movie being released with the same name became attractive to spammers. I don't even accept e-mail via a webmaster account for the site anymore. At peak volume, my ISP actually disabled my procmail spam filter because it was using too much CPU on their system, replacing my .procmailrc file with a copy with permissions against m

        • by xelah (176252)

          A catch-all is fine if your domain isn't attractive to spammers to use for their outgoing mail.

          I've found that once spammers start forging your domain and those forged e-mails start turning up in people's inboxes, other spammers then pick those sender addresses out of those inboxes and use them as targets for spam. Argh!

        • by Quirkz (1206400)
          No kidding. I managed to use a catchall for a couple of years, but it eventually became unbearable. I had a couple of cases of spam being sent out that bounced back to me, but also many cases of systematic name-guessing at my domain. I'd get a series of messages for aaron@, adam@, bo@, bob@, carl@ .... and on down the list for hundreds of the same thing.
      • I just use a special email account for all businesses that I expect TurboMails from.

        In a way it's so simple it's easy - it's easy to remember when you're on the spot signing up for stuff, and you know there's nothing "important" there. So you just let them all fight it out.

        "You have 1422 new mails!"

        So what? They're all corralled in the email-box resembling Montana. Radio Shack, Groupon and more.

    • by nospam007 (722110) *

      Just use mailinator.com to sign up.

      Just enter whateveryouwant@mailinator.com and go check the sign-in confirmation at mailinator.com and you're done.
      No need to create a special mail address first or to use a spam-me address where you'll have to wade through hundreds of spam emails to find the right sign-in one.

      • by wagnerrp (1305589)
        I've started proactively blocking mailinator.com, and any other domain I find that forwards their MX to them, on a wiki I administer. For every one legitimate user signing up, I have fifty more who are just generating spam accounts. Considering one sixth of all users ever make a single edit, and one twentieth make five or more, anyone who's going to stick around and become a meaningful contributor is likely to be willing to give a real address.
        • by nospam007 (722110) *

          "anyone who's going to stick around and become a meaningful contributor is likely to be willing to give a real address."

          A 'real' address? You mean they create an alias that they delete after having signed up?
          That's what I do for the few sites who block mailinator com and their associates.

          • by wagnerrp (1305589)
            Yes, a real address through a real mail server, rather than one that just accepts anything and everything, even if it's just going to be immediately discarded after the authentication process. Users can manually do it. Bots can do it too, but blocking mailinator and their ilk means I block out a big chunk of the spam that is pointed at the wiki, and spend less time cleaning it out the accounts that still do end up getting made. There's never any perfect solution, but blocking them put an end to what was
            • by X0563511 (793323)

              Yes, a real address through a real mail server, rather than one that just accepts anything and everything, even if it's just going to be immediately discarded after the authentication process.

              And just how do you plan on differentiating that? Here's a hint: "one that just accepts anything and everything" is also a real address through a real mail server.

    • Re:Protip (Score:4, Informative)

      by Demonoid-Penguin (1669014) on Tuesday September 20, 2011 @02:03AM (#37453056) Homepage

      Sign up using a throwaway account that is name-related to the site you are signing up to. That way you will always know who are the ones that send you spam, or sell your address to spammers.

      gmail accounts don't care about dots in your email user name - which makes it easy to tell who leaks your email address to spammers. Eg. sign up to gmail and dickhead@gmail.com - then sign up to slashdot as dick.head@gmail.com. All spam addressed to dick.head@gmail.com came via slashdot. NOTE: slashdot doesn't sell email addresses - but I certainly caught companies doing using this technique.

      • Eg. sign up to gmail and dickhead@gmail.com - then sign up to slashdot as dick.head@gmail.com. All spam addressed to dick.head@gmail.com came via slashdot.

        Richard Head probably didn't want his gmail address spewed around, you inconsiderate clod!

        • Eg. sign up to gmail and dickhead@gmail.com - then sign up to slashdot as dick.head@gmail.com. All spam addressed to dick.head@gmail.com came via slashdot.

          Richard Head probably didn't want his gmail address spewed around, you inconsiderate clod!

          He's a prick - who cares. Hang on... my mother is a lump of dirt - find another insult.

      • by Kjella (173770)

        The problem with this approach is that once you get spammed you'll continue to get spammed (getting off spam lists is impossible once you're on one of the bottom feeding v!4gr4 lists), unless you set up special block rules. I like yahoo's throwaway addresses, you can have up to 500. If I get spammed, I chew out the ones who spread it then delete the address. It's a very simple and very final solution, only wish I'd used it earlier because my email already has a degree of spam from the "old days", plus vario

        • The problem with this approach is that once you get spammed you'll continue to get spammed (getting off spam lists is impossible once you're on one of the bottom feeding v!4gr4 lists), unless you set up special block rules. I like yahoo's throwaway addresses, you can have up to 500. If I get spammed, I chew out the ones who spread it then delete the address. It's a very simple and very final solution, only wish I'd used it earlier because my email already has a degree of spam from the "old days", plus various stupid people that cc 100 people at a time so it gets spread far and wide.

          There are two compelling reasons to use that approach:-

          1. You know who to smack upside the head with a teaching bat
          2. You can filter all email with that dot arrangement

          That's not to say you shouldn't run multiple email accounts.

      • Re: (Score:2, Informative)

        by Anonymous Coward

        Gmail also gives you unlimited e-mail addresses. If you are bob@gmail.com and you sign up for "Site A", you can enter bob+sitea@gmail.com as your e-mail address. Still goes to the same inbox but easily filtered and you can trace who originally gave out your e-mail adress if you give a unique version to every site.

        • by X0563511 (793323)

          Confirmed... it works. That said the webmail frontend doesn't make it immediately apparent where it got sent to. You have to click "show details" on the header for every message you want to check.

  • Assume that every email address you give out is going to get spam, so use different ones in different places.

    When the inevitable spam starts, make the decision. Do you believe that this entity is likely to respect unsubscribe requests? If so, hit unsubscribe. If not, forward to /dev/null.

    The practice is so damn common now, that no matter how much it pisses you off, you have to understand that the other guy has no idea that you think he is a worthless scumbag. You really can't buy from anyone online with

    • by afidel (530433)
      I do this to some extent, I use the name+company@gmail.com trick to sign up when their form will allow it, otherwise I make a blanket assumption that they are going to spam me (since their developers can't read an RFC) and give them my spam catcher account which I only ever check when I'm expecting a response from a web form =)
      • +1 to this.

        I tell everyone with a gmail to do this with every single account they create; this enables them to determine who's invading their email space....

        cheers

      • by whoever57 (658626)

        I use the name+company@gmail.com trick to sign up when their form will allow it,

        I use this also, but far too many websites won't accept it. I run my own email domain, so if I want to sign up, I just create a <me>_<company>@<my domain> alias.

        I even came across a website that would not accept a "." at the end of the domain part of an email address, which is surely valid.

        • by godefroi (52421)

          Your strategy is easily dealt with:

          find ([^\+]*)(\+\w+|)@(.*)
          replace with $1@$3

          If it ever became widespread, it'd be defeated VERY rapidly.

        • A lot of companies won't accept gmail? I find this very hard to believe, unless a company really doesn't want to stay in business. I remember back in the day when sites stopped accepting yahoo and hotmail addresses, but in today's web I am willing to bet more people have a webmail account than a isp-provided email. With as much as people jump services, or services get acquired and rebranded, most people cant afford to have their email address locked to their provider. And since google seems to be a fairly s

      • by shentino (1139071)

        Sadly I've seen web forms get wise to this thing and reject that syntax.

        Spammers are getting smarter.

      • by geekboybt (866398)

        You know, I hear of this solution constantly. If I were a spammer (and I can assure you I am not) that's constantly tweaking my messages to go through Bayesian filters, why would I not run my address list through something that removed "+something" from the mailbox portion of the address? Seems like the easiest trick in the book, especially when you've lifted the addresses from a database without permission.

      • I do this to some extent, I use the name+company@gmail.com trick to sign up when their form will allow it, otherwise I make a blanket assumption that they are going to spam me (since their developers can't read an RFC) and give them my spam catcher account which I only ever check when I'm expecting a response from a web form =)

        The problem with that trick is that your regular email address (name@gmail.com) is revealed. Spammers will just ignore everything after the +. You can make it more effective by taking into account the fact that gmail lets you put dots almost anywhere in your name. For example, register my.name@gmail.com and use it for communicating with your friends but never use it for signing up to websites - when you do that put the dot somewhere else (myn.ame@gmail.com, for example). Then create a filter that blocks eve

    • by Burdell (228580)

      It also allows you to see who sold your email and/or who has been compromised. I have a personal domain for email, and I use a different address for just about everything (and they're usually pretty unique, so not found by address harvesting). I am now getting a lot of spam at the address I gave to Linux Journal; since they went online-only and I cancelled my subscription, I killed that address.

      I also had a year of free credit monitoring with one of the "big three" credit agencies (due to somebody else's

    • I use spamgourmet.com [spamgourmet.com] for disposable email addresses.

      Among other things, spamgourmet lets you set the number of messages that can be sent, so it can be useful for things like placing an order where you need to register, get an email with a link to validate your email address and then get an order confirmation and a few tracking status emails, but then stop accepting anything after that.

      It doesn't catch as many bad actors as I thought it would, but when they do misbehave, it's kind of cool to see the number

      • by wagnerrp (1305589)
        Sadly, these disposable addresses are used far more by spambots than by legitimate users attempting to avoid spam.
        • I think Spamgourmet is pretty determined in blocking this. Do you have an examples? Have you reported this to them? (or their forum?)
          • by wagnerrp (1305589)
            Looks like I need to retract that one. None of the handful of users signed up through spamgourmet have been banned due to spam, of course none of them have made more than a single minor edit either. The real culprits are things like mailinator or mytrashmail, and I had added spamgourmet to the list after skimming the list of email domains and assuming them to be set up the same.
    • by scsirob (246572)

      I have a domain that I use to receive email on. The main email box does not get used at all for incoming our outgoing mail, ever.
      When I need to sign up to a website (eg www.somesite.com) then I create an alias somesite@mydomain.com and forward it to my regular inbox. I always opt out of newsletters and other stuff. If I ever get spam addressed to somesite@mydomain.com, I know that somesite does not respect my opt out, has been hacked, or their database has been abused. That's the last time I did business wi

  • They are only asking for your email address so that they can sell it to spammers and spam you themselves.

    Use http://www.mailinator.com/ [mailinator.com] and thwart their evil plans...

    • by Fnord666 (889225)
      I use mailinator if I think I will need to contact a company down the road. If they want my address just so I can view a post in a forum or download a file, I use Ten Minute Mail [10minutemail.com]. The email address lasts just long enough to receive a confirmation email and hit the confirmation link. After ten minutes it goes poof. Ten minute mail also rotates their domain regularly so they tend to stay in front of the sites that may block mailinator addresses.
    • Well, a number of reputable sites also use email to authenticate users, provide a means of recovering lost passwords, and to avoid the dance where users try to find a valid username.

      And to spam.

  • If it's so important that you want it, then it's good enough for your "spam email" address. I've had one for years - works like magic.

    Example: my real email could be (but isn't) RalphSpoilsportMotors@gmail.com. My SPAM email could be (but isn't) RalphsSpambucket@Gmail.com.

    They get their email address, I get their content sans bullshit and every one is happy.

    Now, how hard is THAT?

    RS

    • by Anonymous Coward

      An alternative I use (if you don't mind spending a couple bucks a year) is to own a domain. It doesn't need to be hosted anywhere, and it can be whatever you want. (Bonus points for being able to sign up at forums/sites that won't allow free email accounts!)

      Sign up for Google Apps (free) and follow the simple steps to get your domain set up for email. Make your real email address that you only give out to real people, then make one called "catchall@yourdomain.com" - or anything you like, really. Now, in the

      • by llzackll (68018)

        I do that, but now realize it's pretty much pointless since I don't use e-mail for any personal correspondence anyways, unless it's my work e-mail. Do people still actually use e-mail outside of work ?

        • I do that, but now realize it's pretty much pointless since I don't use e-mail for any personal correspondence anyways, unless it's my work e-mail. Do people still actually use e-mail outside of work ?

          Yes, most of the world still uses email. Out of curiosity, what do you use instead?

          • SMS primarily, then phone to talk, then in person to do stuff. For acquaintances Facebook - it's the new email list.

    • The problem is that this does not work for everything.
      I fly every week and therefore I receive every week three emails asking me to rate how pleasant the service was from my airline, car rental firm and the travel agent.
      Eventhough, I am loyal to these companies, everytime I delete such an email (yes, I do not respond to these quality questionnaires), I hate them a little more...

      So a spammebadly@gmail.com will not help me, I need my confirmation emails from these companies.

      And yes, a rule in my email client

  • I use http://mytrashmail.com/ [mytrashmail.com] whenever I need to sign up for anything. Use it finish the e-mail validation that these sites make you do, and then forget about it.

    I really wish that Google would build something like that into GMail -- something that would let you create a disposable address that is forwarded to your real address, but then can be easily blocked once you start getting spammed. (No, the "+" addresses doesn't cut it, since it reveals your real address to anyone who cares.)

    • by MattW (97290)

      They do: http://www.google.com/apps/intl/en/group/index.html [google.com]

      Get a domain for $10 a year and sign up. You can alias the whole domain and just blacklist/whitelist at will.

    • Gmail strips out the "." in email addresses so, for instance, "beetlebailey@gmail.com" and "beetle.bailey@gmail.com" are effectively the same. One advice I heard from before is to give out something like "beetlebail.ey@gmail.com" for signups. Once that becomes compromised, you can automatically filter all messages to that address to trash or spam.
      • by lakeland (218447)

        That's much the same as the + trick - there are too many people that know it for it to really hide your email address.

      • by 1u3hr (530656)

        give out something like "beetlebail.ey@gmail.com" for signups. Once that becomes compromised, you can automatically filter all messages to that address to trash or spam.

        And the linkspammers use that too to evade blocks on their accounts.

        I admin a forum and review signups. Any that use the dot trick I bin, after checking a few dozen and finding 100% were blacklisted addresses.

        • I've been using dots for > decade. It used to be a standard way to do first.last@domain.tld.

          • by 1u3hr (530656)
            Single dot for a space is okay. Its when they do j.o.h.n.s.m.i.t.h@gmail.com that I know they're up to something. Possibly they just are trying to protect themselves from spam, but unfortunately, it's now the mark of a link spammer.
  • And if you happen to have a first-initial-last-name type email address at a popular provider, then you get potentially dozens of other peoples' single-opt-in spam. Over 50% of the email I get is addressed to someone other than me. Painful.

  • Own mail server with Postfix + 1 email address per vendor && if they send UCE or SPAM, report to SpamCop && disable their email address.
     
    No need to deal with creating extra accounts on Gmail or Spammotel.

    Script:

    vi + /etc/postfix/virtual # dup last line and edit email address

    postmap /etc/postfix/virtual

    postfix reload

  • Whenever I sign up for some random site that I'll never visit again, I use an e-mail alias so I can track what they send me, who they're selling my e-mail address to, or who hacked them and stole my information. It's simple enough, just set up a catch-all e-mail address on a domain, then when you sign up for www.uselesssite.com, use the e-mail address uselesssite.com@yourdomain.com. If you start getting a bunch of spam to that address, it's pretty hard for them to refute that they're the cause of it.
  • I mean, as long as they are up front about what they'll do with your email address, aren't you essentially agreeing to that in exchange for the service they offer?

    This smacks of the old days when people used TV antennas to get "free" TV, and then complained about commercials. If the service isn't worth the unwanted communications, don't use it. But they're under no obligation to give you what you want, on your terms, and subject to your every whim.

    Now, places that are dishonest or deceptive about the contra

  • by lwsimon (724555) <lyndsy@lyndsysimon.com> on Monday September 19, 2011 @11:46PM (#37452392) Homepage Journal

    Single opt-ins suck. Why would you ever want to subject your list that that much "spam" notations? No one wants to see your promotions if they've not signed up for them. If you're running the business right, people will want to open your emails because they provide value.

    I use double opt-ins for my online listbuilding, and am very explicit that the user will receive solicitations. I use single opt-in in the real world only, such as when I run a contest dropbox to collect email address to win a prize. Physically writing your email on a scrap of paper is good enough verification for me.

  • Not associated with the site in any way except as a long time user, but I urge people to set up an account with spamgourmet.com. They will forward your e-mail to your real e-mail address. Not only can you create a unique address for everyone that you have to give an e-mail address to on the fly, but you can disable any of the addresses at any time and you can tell who is abusing your e-mail address. For example, I just checked with spamgourmet and I see that the last 3 pieces of junk mail they discarded wer

  • This just shows how disconnected the MBAs are from the people who really have to implement it or deal with it. Only managers think that it is good practice to bombard paying customers with crap that they don't really want. It sure looks good on paper or in a Powerpoint, right? Could help get that extra 3% market share!

    • by pspahn (1175617)
      Well duh. They define the entire business model on the idea that each user in their database is worth $x. If they reach a certain amount of users, they will make x amount of money. That disconnection between IT and Management is a two way street.
  • by msobkow (48369) on Tuesday September 20, 2011 @12:43AM (#37452656) Homepage Journal

    I worked for a company that had a manager who insisted on sending out a newsletter to everyone in the company customer database. We warned him that was illegal. We warned him that would be spamming.

    He refused to listen and ordered the email sent.

    The entire company was blocked from sending emails less than 24 hours later.

    You should have seen him rant and rave about the importance of getting the emal "fixed." His manager found out about the "newsletter", and fired him on the spot.

    • by Kjella (173770)

      His manager found out about the "newsletter", and fired him on the spot.

      At least there's one good manager in this story, he's even the boss of the bad manager. It could be worse...

    • In the military there are provisions against executing illegal orders; how come the operators DID send the mail ? weren't there provisions against this ? How was did Eichmann defense stand ?

    • by WuphonsReach (684551) on Tuesday September 20, 2011 @12:30PM (#37457130)
      I worked for a company that had a manager who insisted on sending out a newsletter to everyone in the company customer database. We warned him that was illegal. We warned him that would be spamming.

      Not illegal in most jurisdictions as long as there is a pre-existing business relationship. Presumably, if they're customers, then they qualify.

      Doesn't mean it's not sleazy and prone to cause problems.
  • Each and every site I sign up to gets a unique e-mail address and all my mail goes through both my gmail account and isp filtering.

    While I prefer to have the choice to opt out at sign up (and have that choice respected), this method means I can simply update or remove just one e-mail address and stop the problem should a site not respect my wishes.

    Adds a tiny admin. overhead to each sign-up but is worth it
  • This is the way to go.

    Several people have already told the virtues of this, which I won't repeat. I do add a little twist because I run my own spamtrap and DNS RBL which I update whenever one of the addresses yields unsolicited newsletters and similar spam. Then that company 's mailservers are blacklisted more or less forever. Basically it works like this:

    Each address on the disposable list initially is an alias of my real email address.
    If one gets compromised, it is switched to being an alias of the spamtr

  • The way to automatically agree to things and you have to opt out may in some countries be illegal.

  • I've got an idea: rather than report on geek news, let's just randomly talk about something.

  • When does grammar becoming trashing?
  • Doesn't everyone have an email address that they use for non-human communication? If your dealing directly with a human you give them your direct account sgt_scrub@. If your dealing with an online entity you give them your non-human address spamaway_beotch@.

  • I created a single mailbox to handle email from websites that ask for an account sign up. For each website, I created a unique email alias for that single account that is delivered to my consumer email account. The idea being, once I started receiving unwanted spam in that account, I would simply delete the email alias that was receiving that junk email. This was based on the idea from the early days of email, where you created a totally separate email account for each thing you signed up for in order to av

  • ...is having an address that retards accidentally use as their own - e.g. if you were to score the address, "fred@gmail.com".

    Very soon you discover that few "opt in" companies actually verify that you own the address you're submitting - and more, you discover that there's no provision to get out of it, unless you know the account name/pass.

  • If you ever use Delta Skymiles to get some "free" magazine subscriptions, be prepared for a shit-ton of frequent spam that you literally can't unsubscribe from. It also has the awesome feature of coming from no less than 5 different email addresses, making it a PITA to effectively block once you figure out that their unsubscribe links are purposefully broken. Bastards!

Nobody said computers were going to be polite.

Working...