Recommended reading

That ‘unsubscribe’ link is actually a hidden security risk — do this instead

News
By published

There are better options for getting rid of those unread emails

An email inbox displayed on the screen of a laptop, next to a cup of coffee.
(Image credit: one photo/Shutterstock)

That “click to unsubscribe” button you see at the bottom of an email, the one you’ve probably used dozens of times to remove yourself from newsletters, shopping emails and thousands of other emails in your inbox, well, it turns out that it’s likely to become a security risk at some point.

TK Keanini, a CTO a DNSFilter, discussed the issue recently during an interview with the Wall Street Journal where they warned against using the button that appears at the bottom of commercial emails. When you run the numbers, according to Keanini, one out of every 644 clicks can lead to a potentially malicious website.

Users, says Keanini, should understand that clicking these links take them out of the safe environments provided by their email client and onto the open web which is a much more risky landscape.

In addition to alerting threat actors that the email address is active, unchecked unsubscribe links can redirect users to phishing websites, which are designed to steal passwords or login credentials, and could even potentially deploy malware according to reporting from Techspot.

Other experts are quoted to add that legitimate vendors may ask for an email address but the general rule of thumb is if you don’t trust the company who sent the email, you shouldn’t trust their unsubscribe process either.

The safest way to process this type of request on your end is to use the “list-unsubscribe headers” that are provided by your email service. These generally appear as built-in buttons in your email client, not in the body of the email itself, so they won’t include any suspicious source code. If your email header doesn’t contain a link, you can reply on your spam filters, or try blacklisting the sender instead.

If all else fails, you should try to use disposable email addresses to sign up for accounts, though it can make certain online activities more difficult. Likewise, you should always ensure that your PC is protected with the best antivirus software and your Apple computer with the best Mac antivirus software to avoid any potential malware infections that can result from clicking a dodgy unsubscribe link.

More from Tom's Guide

See more Computing News
Amber Bouman
Amber Bouman
Senior Editor Security

Amber Bouman is the senior security editor at Tom's Guide where she writes about antivirus software, home security, identity theft and more. She has long had an interest in personal security, both online and off, and also has an appreciation for martial arts and edged weapons. With over two decades of experience working in tech journalism, Amber has written for a number of publications including PC World, Maximum PC, Tech Hive, and Engadget covering everything from smartphones to smart breast pumps. 

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.