I can't test unsubscribe mechanisms! Help me, google!
32 views
Skip to first unread message
shanen
Aug 9, 2015, 1:49:11 AM8/9/15
to Suggest a Labs feature
Google implemented a fractured unsubscribe feature some years ago (and it was recently partly copied by Microsoft for their email system). This is a suggestion for a more general and superior version.
Background: Many spam messages include unsubscribe mechanisms, most often as unsubscribe email addresses or links to unsubscribe webpages. These mechanisms are dangerous and should never be used in the case of true spammers (AKA sociopaths). In the least harmful case, you are confirming your email address for future spam, and in worse cases you may be visiting a poisonous website that will attempt to pwn your computer without so much as a click on your part. However, there do exist unsubscribe mechanisms that actually work, and the google is implicitly endorsing an unsubscribe mechanism when they offer that option--but of course the google is not so brave as to explicitly endorse the unsubscribe mechanism.
This suggestion is that google improve the unsubscribe option by testing the unsubscribe mechanism, possibly with our help. I know that the google's lawyers won't allow them to take the enormous responsibility of explicitly endorsing or recommending the use of an unsubscribe mechanism, but I'm suggesting that they could share some data with us to help us decide in a more meaningful way whether or not we should try it. There's actually quite a bit more to it than this, but for this venue I'm trying to stick to the most obvious and basic tests:
(1) The google can test honeypot email addresses with the unsubscribe email address and tell us what happened. The report might say something like "We attempted to unsubscribe using 10 different honeypot addresses. In the 10 months since then, none of those honeypot email addresses have received any spam. We estimate 90% probability the unsubscribe email address is valid and honored."
(2) The google can use a specially secured machine to visit an unsubscribe website, studying its behavior for peculiarities. Again, the mechanism can be tested with honeypot addresses. The report could be extended with something like "We have checked this unsubscribe website 10 times over the last year, most recently on <date>. The website was changed only once, and never seemed to trigger spam to our test email addresses. We estimate an 85% probability the unsubscribe mechanism is safe." (The case with a website is obviously much trickier, and I admit that I don't see any perfectly safe solutions, but even in this case I might be willing to take a bit of a risk to help.)
(3) The google could ask me for additional data. For example, if the google can link the suspicious email to an opt-out (or opt-in) mechanism on some website, they can ask me whether or not I've visited that website recently. I might agree to the use of my browsing history information to help, too, but it should be done up front, which is increasingly obviously not the google way of doing things.
In any case that I elect to trigger the unsubscribe mechanism with the google's help, that information should be stored for future reference. I would be able to see a list of unsubscribe attempts and an archival copy of the associated email, and possibly detect such things as a reappearance of spam that seems to be from the same source, thus providing more data for the google to use in fighting criminals and scammers.
Actually, I think that this should be part of a more general anti-spammer tool for wannabe spam fighters, those good Samaritans who are willing to donate a bit of their time towards putting the spammers out of business. I'm NOT saying that we can eliminate all spam or convert the spammers into decent human beings. I'm saying that we could hurt them in their most sensitive organs--their wallets--and that some of them would then crawl under less visible rocks. I want to help break ALL of the spammers' infrastructure, pursue ALL of the spammers' accomplices, and even help protect ALL of the spammers' victims. (Even though the humans are being protected from themselves and the corporate victims (who are NOT persons) are big enough not to need my help.) I think this could be implemented as an iterative webform with analytic passes from the server alternating with confirmation passes from the human spam fighters. The important numbers are on OUR side: LOTS of people hate spammers, but only a FEW suckers feed them.
Here is the more hotblooded and possibly amusing version of this same suggestion as mostly recently drafted and submitted to the Gmail reporting form, included here largely to explain why I'm sending the same suggestion to other email providers (specifically Microsoft, Yahoo, and Apple for now). I don't really care who implements the solution, eh?
Background: Many spam messages include unsubscribe mechanisms, most often as unsubscribe email addresses or links to unsubscribe webpages. These mechanisms are dangerous and should never be used in the case of true spammers (AKA sociopaths). In the least harmful case, you are confirming your email address for future spam, and in worse cases you may be visiting a poisonous website that will attempt to pwn your computer without so much as a click on your part. However, there do exist unsubscribe mechanisms that actually work, and the google is implicitly endorsing an unsubscribe mechanism when they offer that option--but of course the google is not so brave as to explicitly endorse the unsubscribe mechanism.
This suggestion is that google improve the unsubscribe option by testing the unsubscribe mechanism, possibly with our help. I know that the google's lawyers won't allow them to take the enormous responsibility of explicitly endorsing or recommending the use of an unsubscribe mechanism, but I'm suggesting that they could share some data with us to help us decide in a more meaningful way whether or not we should try it. There's actually quite a bit more to it than this, but for this venue I'm trying to stick to the most obvious and basic tests:
(1) The google can test honeypot email addresses with the unsubscribe email address and tell us what happened. The report might say something like "We attempted to unsubscribe using 10 different honeypot addresses. In the 10 months since then, none of those honeypot email addresses have received any spam. We estimate 90% probability the unsubscribe email address is valid and honored."
(2) The google can use a specially secured machine to visit an unsubscribe website, studying its behavior for peculiarities. Again, the mechanism can be tested with honeypot addresses. The report could be extended with something like "We have checked this unsubscribe website 10 times over the last year, most recently on <date>. The website was changed only once, and never seemed to trigger spam to our test email addresses. We estimate an 85% probability the unsubscribe mechanism is safe." (The case with a website is obviously much trickier, and I admit that I don't see any perfectly safe solutions, but even in this case I might be willing to take a bit of a risk to help.)
(3) The google could ask me for additional data. For example, if the google can link the suspicious email to an opt-out (or opt-in) mechanism on some website, they can ask me whether or not I've visited that website recently. I might agree to the use of my browsing history information to help, too, but it should be done up front, which is increasingly obviously not the google way of doing things.
In any case that I elect to trigger the unsubscribe mechanism with the google's help, that information should be stored for future reference. I would be able to see a list of unsubscribe attempts and an archival copy of the associated email, and possibly detect such things as a reappearance of spam that seems to be from the same source, thus providing more data for the google to use in fighting criminals and scammers.
Actually, I think that this should be part of a more general anti-spammer tool for wannabe spam fighters, those good Samaritans who are willing to donate a bit of their time towards putting the spammers out of business. I'm NOT saying that we can eliminate all spam or convert the spammers into decent human beings. I'm saying that we could hurt them in their most sensitive organs--their wallets--and that some of them would then crawl under less visible rocks. I want to help break ALL of the spammers' infrastructure, pursue ALL of the spammers' accomplices, and even help protect ALL of the spammers' victims. (Even though the humans are being protected from themselves and the corporate victims (who are NOT persons) are big enough not to need my help.) I think this could be implemented as an iterative webform with analytic passes from the server alternating with confirmation passes from the human spam fighters. The important numbers are on OUR side: LOTS of people hate spammers, but only a FEW suckers feed them.
Here is the more hotblooded and possibly amusing version of this same suggestion as mostly recently drafted and submitted to the Gmail reporting form, included here largely to explain why I'm sending the same suggestion to other email providers (specifically Microsoft, Yahoo, and Apple for now). I don't really care who implements the solution, eh?
What we have here is almost certainly part of a campaign of personal harassment targeted against me for some personal reason. Lots of possible reasons, though I suppose the nastiest might be for my race or religious background, though I suspect it's for my anti-fake-conservative anti-neo-GOP political beliefs. The google could help stop this, but the google don't care. The google is increasingly EVIL and focused on nothing but making more money, which is a fool's errand. If you are so smart, how long do you think you can sustain logarithmic or super-logarithmic growth?
If the google wanted to help, the solution in this particular case would be to validate the anti-subscribe mechanism. I believe that [for ME to do it] would be a stupid thing to do, and would only confirm my email address for a scamming spammer. It is too possible that I might be mistaken because my data is insufficient. The main thing I know is that I NEVER would have knowingly requested this kind of crap, but the google could gather more data. Maybe it's just an overly aggressive but basically legit scammer who would honor the unsubscribe request without reselling the email address to other scammers. The google could find that out by using honeypot addresses tracked over a bit of time, perhaps with some help from the victims (by creating resources and anti-spammer tools we could use together). The google could even figure out if there is a slimy opt-out webpage somewhere and warn me about it.
Too bad the google don't care. The ancient slogan of "Don't be evil" has become something of a sick joke. For a while I thought it could be fixed, perhaps with a rider clause like "or support evildoers", but I've given up on the google now. It would be as pointless as hoping the google would correct their other corporate model to recognize the world's information is different from my personal information, and while the world's data should be shared, I should retain control over my personal information. No chance. Here is the only motto that makes sense for today's google:
"All your attention are belong to us, the google."
Goofy 235
Aug 9, 2015, 9:41:31 AM8/9/15
to Suggest a Labs feature
Do you really expect someone from Google to read all this rant of yours???
Tsk, tsk, tsk!
(copy/paste from an older posting)
In case you think someone from Google monitors this forum or this is a popularity contest, take a look at:
https://groups.google.com/forum/#!topic/gmail-labs-suggest-a-labs-feature/Wz55gyU03h4
So, keep on asking/+1/begging/pleading/cajoling/threatening, you never know...BUT, don't hold your breath :-)
shanen
Aug 10, 2015, 3:29:47 PM8/10/15
to Suggest a Labs feature
(1) If you [self-described "Goofy"] have a better idea, please explain it.
(2) If you see
errors in my data or analysis, please point them out.
(3) If you want to
understand something, then you should ask politely for clarification.
(4) If you have nothing to say, then you should say nothing.
Now I have a little something to say. Respect for the individual is a hard thing. To be meaningful, it has to go everywhere. Some people are easily and obviously worth respecting, but to really apply the principle, it is necessary even to respect, in this case, Goofy 235. I have failed again. I only feel like I've wasted keystrokes on a proudly ignorant buffoon.
shanen
Aug 10, 2015, 3:34:04 PM8/10/15
to Suggest a Labs feature
I wish there were an editing feature for at least a few minutes, especially when the system mangles the format during the posting process. In addition, I would have modified the second one as "you [anyone reading this]" and the third one to "you [especially Goofy]".
Goofy 235
Aug 10, 2015, 3:55:47 PM8/10/15
to Suggest a Labs feature
(copy/paste from an older posting)
In case you think someone from Google monitors this forum or this is a popularity contest, take a look at:
https://groups.google.com/forum/#!topic/gmail-labs-suggest-a-labs-feature/Wz55gyU03h4
So, keep on asking/+1/begging/pleading/cajoling/threatening, you never know...BUT, don't hold your breath :-)
110,466 ACTIVE topics later...
shanen
Aug 16, 2015, 12:35:17 AM8/16/15
to Suggest a Labs feature
You [Goofy] seem to have a stutter in your keyboard or your brain. Drop by again if you come up with a useful contribution. However, I won't be holding my breath.
shanen
Aug 18, 2015, 8:48:58 PM8/18/15
to Suggest a Labs feature
Over a week, and apparently only 11 views? At least two of those were probably by a spammer. At least that's the conclusion I tend to leap to whenever someone responds with a defense of the spammers. I can certainly understand why the spammers would keep an eye out for new anti-spammer measures that might threaten their sensitive organs. Yeah, I really want to kick them HARD right in the wallet.
Still, it amazes me that there is so little activity here. Unlike COBOL, the newsgroups really have died--and the google killed them. Sad, especially since I think the google was sincere in not wanting to kill them (but presumably a waste of more keystrokes to repeat any suggestions along those lines since even the google has abandoned Google Plus to its sad fate).
Anyway, in a related development regarding untestable unsubscribe mechanisms, I can now name Amazon, too. The comment in the OP was related to a particular piece of email that I suspected was part of a harassment campaign. At that time I suspected Amazon was also being used, and based on information I received from Amazon this weekend, I am now certain of it. If the google cared in any constructive way, then it might be worth describing here, but my general theory there is that the google actually hopes for Amazon to have problems, and the outright failure and bankruptcy of Amazon would make them happiest.
Should I at least drop a hint? Naw, no evidence anyone cares, even the trolling spammer with the silly handle.
Still, it amazes me that there is so little activity here. Unlike COBOL, the newsgroups really have died--and the google killed them. Sad, especially since I think the google was sincere in not wanting to kill them (but presumably a waste of more keystrokes to repeat any suggestions along those lines since even the google has abandoned Google Plus to its sad fate).
Anyway, in a related development regarding untestable unsubscribe mechanisms, I can now name Amazon, too. The comment in the OP was related to a particular piece of email that I suspected was part of a harassment campaign. At that time I suspected Amazon was also being used, and based on information I received from Amazon this weekend, I am now certain of it. If the google cared in any constructive way, then it might be worth describing here, but my general theory there is that the google actually hopes for Amazon to have problems, and the outright failure and bankruptcy of Amazon would make them happiest.
Should I at least drop a hint? Naw, no evidence anyone cares, even the trolling spammer with the silly handle.
Message has been deleted
Message has been deleted
shanen
Aug 23, 2015, 10:29:31 PM8/23/15
to Suggest a Labs feature
I do want to retract the speculation about the "trolling spammer with
the silly handle". At this point, I think he is, notwithstanding his
handle, sincere and sincerely annoyed with the google.
I'm STILL sorry that the unsubscribe support of Gmail is so feeble and worthless and that there is so little hope of the google doing anything constructive to improve it. Apparently nothing will happen until someone at the google figures how how to make more money from improving it, even if the google is wrong about making more money. For example, the cosmetic silliness of the recently added Inbox in comparison to offering some actually USEFUL features or options.
Reviewing the sheer number of requests for future delivery of email, I have to say that there is overwhelming evidence that the google is completely and utterly indifferent to silly bums and peasants. You know. Normal folks like you and me. The google don't care. Perhaps I should revise the lawyers' ontology of negotiations beyond friend, adversarial, and hostile. The google is negotiating from a position of total indifference.
Or another possibility for the real thinking of the google:
"So enough with all the email already. Who needs more?"
I'm STILL sorry that the unsubscribe support of Gmail is so feeble and worthless and that there is so little hope of the google doing anything constructive to improve it. Apparently nothing will happen until someone at the google figures how how to make more money from improving it, even if the google is wrong about making more money. For example, the cosmetic silliness of the recently added Inbox in comparison to offering some actually USEFUL features or options.
Reviewing the sheer number of requests for future delivery of email, I have to say that there is overwhelming evidence that the google is completely and utterly indifferent to silly bums and peasants. You know. Normal folks like you and me. The google don't care. Perhaps I should revise the lawyers' ontology of negotiations beyond friend, adversarial, and hostile. The google is negotiating from a position of total indifference.
Or another possibility for the real thinking of the google:
"So enough with all the email already. Who needs more?"
Reply all
Reply to author
Forward
0 new messages