Ask HN: What can you do when “unsubscribe” doesn't work?
I've gone through a "successful" email unsubscribe process quite a few times with some companies, only to find out that nothing really happened (keep receiving weekly/monthly spam).
These aren't shady companies either: they are large legit entities in the US.
I've given them the benefit of the doubt a few times, thinking that perhaps a bug failed to write my update to their subscription database, but after a handful of tries with the same outcome, I realized it is not isolated.
Of course I can add an email filter, but that will not take care of the root cause that most likely affects everyone else too, whether it's a deliberate attempt at denying my request to unsubscribe or simply a bug that nobody has a way to report.
What is a proper gentle nudge to say "hey, your unsubscribe system is broken, please fix it"?
There is usually no contact info available to have this kind of "out of band" communication. > What is a proper gentle nudge to say "hey, your unsubscribe system is broken, please fix it"? Report it to their email service provider via the abuse@ alias[1]. Tell the ESP what the problem is and ask them to contact their customer and clue them in. Reputable ESPs do this regularly. [1]: Use the “Received” SMTP headers to see which ESP a message was sent through: https://mxtoolbox.com/EmailHeaders.aspx,
https://www.lifewire.com/email-headers-spam-1166360, https://www.smtp2go.com/blog/effectively-report-spam/ Is there any information to back that up? I think it's more likely that ESPs would gladly ignore a few people in favor of their paying customers, especially since in these cases they can write those people off as "cranky privacy crackpots" who don't contribute to the consumer culture they thrive in. I’ve done it and had well-known ESPs write personal responses (not templates) saying they’ve contacted the customer about the problem. They could be outright lying, but that probably wouldn’t scale well beyond a small support group. I believe the incentives are more aligned than you might think. An ESP isn’t risking revenue by telling a customer that something’s not working and making them fix it. All parties know that ignoring it manifests in poor deliverability, often quickly (thanks, Gmail “Spam” button!). In my experience, your skepticism is justified about ESPs permanently shutting off a customer, but they’re comfortable doing anything short of that. I now use one-off email addresses for every service I sign up for. e.g. <random>@mydomain.com It’s great to detect security leaks, but I can also just delete the address and then any email to it will bounce. This usually gets you off their list anyway after a hard bounce. I do the same. If I receive messages I don't want, I disable the address they are sending the message to. (Then they will get a error message from the SMTP server when trying to send the RCPT TO command.) I run my own email server and just use the /etc/aliases file to list the names that are acceptable. (I also have it configured so that real user names don't work, only aliases will work) I used to do this on gmail too before swapping to my own domain. On gmail you can use + to create aliases on demands. If you username is Foo.Bar and you are signing up to example.com you can use the email address “Foo.Bar+exampleCom@gmail.com” and it will land in your inbox. If a company leaks your email or stops respecting your choice about how they email you, you can just blackhole that username+aliases@gmail.com straight to trash. If a service refuses to allow you to use + in your email address you can use the period “hack” (I call it a hack, cause iirc it was meant as impersonation protectionand not meant to be used this way). On gmail your username can basically have as many or as few periods in it as you like. So using the Foo.Bar@gmail example foobar@ f.oobar@ fo.obar@ Fooba.r@ etc etc etc all work. You will just have to keep track on which username&period combo you used on X service yourself. This will work if the sender is just incompetent or uncoordinated. If they want to keep sending you spam against your wishes, they will just normalize back to your base address. you could keep a dotted form that you only share with entities that you trust absolutely, but that seems fragile Are all of those addresses aliases for the same mailbox? Do you run your own email server, or how do you manage creating a new address for each service with reasonable convenience? yes I run my own email server, but essentially forward to fastmail. I have a small script that generates a new forwarder. I add a note to remember what’s the purpose of the new email, and it also sends me an email with the note for quick lookup later on if necessary. I think there are some services that lets you set up forwarders, and even some domain registrars will give you this for free or a small fee (although I guess the script part might be something you’ll have to figure out) What's the benefit of running own server in this case? Wildcard aliases is actually a standard fastmail feature, I use it a lot. No per-email setup needed whatsoever, I just give out <whatever>@mydomain.com, they all will reach my inbox. Haven't seen people sending spam to random aliases at my domain yet. can you bounce one of those aliases? I have other reasons for having my own server (more mailboxes, domains, vendor lockin protection, own backups etc) Yes, you can explicitly set up additional aliases that will bounce incoming mail (or redirect it). It's an option in "New Alias" screen - "Reject (bounce) all mail sent to this address (disable the alias)". While everything else not explicitly configured would get caught by the wildcard alias and delivered to the inbox you specified for it. That’s good to know! I do the same, but I use catch-all so I don't have to create emails for each service. Go on LinkedIn and identify the CMO. Create a forward to that person’s email address so all the spam bounces back to them. If enough people start doing this may become part of email culture. Then we're looking at a point where CMOs all around the world are getting bombarded with the same shit they force down people's inboxes. I love this. I usually hit them with a GDPR request but this is pretty good as well. Set up a gmail rule that searches for the word "unsubscribe".... Ha ha genius. Gmail sort of does this automatically with the promotions tab anyway. Just periodically nuke the emails in that view. Blocking the sender won't even work. These companies, though they maintain plausible deniability, deliberately ignore and evade attempts to escape their marketing space. They will occasionally shift the domain and sender to counter any blacklists. Or they will find a way to link your previous subscription to one list to a business relationship that allows them to add you to ANOTHER list. The most effective solution would be a fuzzy match on the org's name, but you would probably lose legitimate messages that way, and they also like to change their names every now and then. I'm not talking about sketchy criminal companies, but large US-based companies and charities like OP is. The only thing you can do is consider it a kind of digital chicken pox. It will always be a part of you, but hopefully it will remain inert. Never do anything to acknowledge that you have seen the messages or that you even remember that the sender exists. E-mail them directly? Check if they have a twitter feed (and one that actually interacts with ppl, not a PR firehose) and send them a DM? Alternatively, look up folks on Linkedin working at that company, preferably sysadmins/devops/whatever-its-called-this week, and e-mail them? Please dont do this Why not? Why shouldn't scum be held accountable? I’m on Gmail and when this happens I just mark it as spam. It has happened to me. I simply sent them an email explaining the thing. They replied that I've been unsubscribed. I received emails again. I asked them again, and they fixed it. Same situation. Humans were involved, and it was resolved. I find that many times unsubscribing automatically subscribes you to something else so it's simpler to just flag it as junk. Unsubscribing could be seen as a signal that said mailbox is active and is not something I am willing to share with marketers. What we need is more federal laws that make it a crime to continue spamming someone once of course they hit that unsubscribe button -- and of course the spammers themselves keep the rolls of who tried to unsubscribe. Complaining about it on Twitter might work (tag the company, maybe an exec or two). I'll mark it as SPAM, from the 2nd or 3rd time. I marked our PM's marketing as SPAM because they're sending emails to me when I never signed up for one. I try hard to unsubscribe to small companies because marking their spam will be easy but it may hurt the companies future emails. Mark it as spam in gmail. Create a rule to trash the emails. You can block the sender’s address From OP: > Of course I can add an email filter GDPR/CCPA request if this applies to you. Alternatively, redirect the spam to someone high-up whose time is worth a lot of money.