Should You Click 'Unsubscribe' On Unwanted Emails? Security Experts Weigh In
If you're like me, you spend part of your morning sifting through your inbox to separate the important stuff from the deluge of junk mail that fills it up each and every day (including Gmail accounts, despite Google's best efforts). Even with spam controls in place, it doesn't take much for an email address to become a heavy target for marketers. The question is, should you click on that 'Unsubscribe' link in unwanted emails, and if so, will it do any good? The simple answer is 'No, absolutely not'.
The longer answer is, 'No, absolutely not because not only is it ineffective, but clicking that link could also pose a security risk.' So says cybersecurity experts who spoke with The Wall Street Journal. One in particular—TK Keanini, chief technology officer at DNSFIlter—says that once you've clicked that Unsubscribe link, "you've left the safe, structured environment of your email client and entered the open web."
Why does that matter? According to DNSFilter, those Unsubscribe links will sometimes direct unsuspecting victims to a malicious website, which opens up a whole new can of worms beyond simply dealing with a cluttered inbox. The good news is, this isn't a super prevalent risk—just one in every 644 clicks, DNSFilter says. Still, if you think about how many spam emails you field each day, the risk is higher than it may appear.
Michael Bargury, chieft technology officer and co-founder of Zenity, an AI agent security firm, echoed that sentiment saying, "If the redirected site asks you for your password to unsubscribe, that's a red flag. Don't do it."
That's an obvious tip for more savvy users, but it's no the only risk associated with clicking an Unsubscribe link. According to Bargury, unsubscribing can have the opposite of the intended effect by letting attackers know that you interact with spam, thereby making you an even bigger target.
Even beyond the phishing and/or malware risks, unsubscribing to emails can alert the sender that you're a real person with an active email account.
So, what can you do? Multiple security experts told WSJ that they prefer to use the "list-unsubscriber headers" in emails. These are built-in, hyperlinked buttons from actual email service providers, and they're usually safer than clicking on an email's Unsubscribe link.
If that's not an available option, the experts say to just tag the email as spam and be done with it. You can also set up filters for senders (and keywords), and/or use a disposable/temporary email when signing up for a service or if an email address is required for a coupon code.
