I have several managers that get themselves on email lists either from trade shows they go on, downloading white papers, etc. They now want to unsubscribe to these emails. Obviously I can’t give a blanket statement that those links are safe, and these users are not always the most cautious with checking BEFORE they click. How do you handle that?
If it’s from a vendor they know and they’ve interacted with in the past (e.g., trade show as you suggested), then I recommend that they use the unsubscribe link. I much prefer that to marking it as junk. I might modify that policy a bit as we get into the KnowBe4 anti-phishing program deeper although the training should make it safer for people to confirm that these links are good before they click.
I understand your concerns. Unfortunately here the only blanket statement you can make is don’t click on links and you won’t get into trouble. If your users really can’t be bothered to make note of what they sign up for, then I suggest going the mark as spam route. It is not the end of the world.
You should use the same process as you do for every other email to assess that the email is from the actual vendor not a phish. If it passes the Knowb4 training muster test, then use the link, otherwise I would either mark it spam if it’s a phish or true spam, but if it’s a legitimate vendor and the unsubscribe link is not an option, e.g. you’ve opted to unsubscribe but they still email you (happens to me all the time, very frustrating, some of them only update the recipients list once a month and you could be getting 3 more weekly emails that month after unsubscribing - annoying!) then mark it junk. I don’t like marking it as spam if it’s a legitimate vendor as that can unnecessarily damage their ability to conduct legitimate business via email. We’re a vendor, I wouldn’t want someone doing it to me.
It is a hard one, even magazine style subscriptions I have via email such as Tech Target, Computer Weekly and other InfoSec websites grab your email address and share it with others whenever I download a whitepaper or want access to some particular news article. I tend to read the fine print and check/uncheck any boxes to try and minimise spam from related unknown companies but never click unsubscribe if I do not know them as this may lead to more trouble.
I dare say I am hoping for a lot to think that this rubbish practice will stop after 25th May 2108. One method I use to reduce this inconvenience is to use a burner email address for those one off subscriptions so even if a load of spam is potentially coming my way after a couple of days the email address doesn’t exist anymore.
Thank you for your responses! Definitely helpful.
I would agree with others, they only way they can unsubscribe is by clicking on the unsubscribe option at the bottom of the email. With them having to do it they may be a bit more careful about what they sign up to but I doubt it!