One of the few things that the "YOU-CAN-SPAM Act" did when it went into effect in the U.S. last January is to require that all bulk e-mail mesages contain a way to unsubscribe. Many other countries have similar or much stronger requirements.
But in a study of legitimate e-mail newsletters, Web usability guru Jakob Nielsen found that it took end users an average of 3 minutes and 5 seconds to unsubscribe from the typical newsletter. And that's how long users needed to decipher a respectable unsubscribe page, not some phony Web form set up by spammers.
Hunting around an unfamiliar Web page for three minutes is more work than simply pressing the Delete key every time an unwanted newsletter appears. For this reason, e-mail users are far more likely to click Delete, or create a filter rule to divert such newsletters, or erroneously use a Report Spam button than they are to try to unsubscribe.
I wish this startup well, but its automated unsubscribe-management service would seem to be an obvious feature for e-mail programs themselves to provide. Therefore, I have a modest proposal.
Using Ctrl+Del And Shift+Del
Imagine this: The Delete key on our keyboards could become just one of three, equally-fast methods to dispose of e-mail messages:
• Del. Pressing the Del key in future e-mail programs would move a message into the trash, just as it does now.
• Ctrl+Del. Holding down the Ctrl (control) key with Del would launch an automatic unsubscribe process back at newsletter headquarters. An easy way to remember this key combination is that "Ctrl+Del" is how you "Control Your Subscription."
• Shift+Del. Holding down the Shift key with Del would report the selected message as spam. This would also invoke whatever penalties an Internet service provider happens to offer. The memory-jogger for this key combination is that "Shift+Del" and "Spam" both start with the letter S.
Lashback's button, which integrates into Microsoft Outlook and Outlook Express, effectively figures out for you which bulk e-mail you can safely unsubscribe from and which are scams that you must filter out in the future. It uses a simple formula to make this decision: A working unsubscribe mechanism equates with legitimate e-mail, a bogus mechanism indicates spam.
A study I reported on in my last column, however, found that 51% of the e-mail newsletters from 1,000 legitimate companies, including most of the Fortune 500, provide no unsubscribe link at all. In addition to that fact, I doubt that most e-mail users will add another $29.95-a-year service to their budgets just to perform a function that all e-mail programs should already have.
Moving Toward An Industry Standard
It seems to me high time, therefore, that users demand a new Internet standard that makes an unsubscribe process that's guaranteed to be safe as simple as clicking a single button or a pressing a single key combination.
Michael Perone, marketing vice president of Barracuda Networks, feels such a standard shouldn't be proprietary. "It would be much easier for people to accept if it was an open-source thing," he says.
Perone's company makes the Barracuda Spam Firewall, a 1U rackmount appliance that won an Editor's Choice award last May from among 28 filtering solutions tested by Network Computing magazine. But the device as yet has no Lashback-like way to determine for an end user whether an unsubscribe link is safe to invoke.
A legitimacy rating system, Perone says, "could have levels of good or not-so-good," rather than simply pass/fail. "Maybe some server wasn't working or something." A temporary outage should be factored into a newsletter publisher's score rather than a single failure causing a permanent demerit.
Such a ranking mechanism could be set up "like RBLs [real-time blocklists] are done today, with some kind of reverse DNS lookup," Perone explains. "Guys like SpamHaus and SpamCop must be thinking of going to that."
Sophisticated And Automated
The inability for end users to trust the anarchic unsubscribe mechanisms of today's e-mail lists hurts legitimate publishers while doing nothing to deter spammers, says David Troup, president of Solinus.com. His company makes MailFoundry, a new spam-filtering appliance that began shipping on Sept. 8, too recently to have been considered in Network Computing's comparative review.
A sophisticated yet automated way to discern good senders from spammers is necessary for e-mail to work as a reliable communications medium, Troup says. "When you have end users participate in spam reporting, you get a tainted database [with many false complaints]," he explains. "We encourage our users to report spam, but each report goes to a human editor."
Troup suggests that, as long as a working unbsubscribe mechanism is now required by law in the U.S. and elsewhere, the procedure could be standardized using Internet methods that any e-mail program can tap into. For example, e-mail servers that send out legitimate lists can be reached by e-mail programs via routines called POST and GET.
"In the HTML format, you can send that POST or GET to a mail server," which could interpret the feedback as an unsubscribe command, Troup says.
A Seal Of Confidence
Until this kind of reliable unsubscribe method is standardized and widely available, Lashback has its own proposal to reassure end users that a particular newsletter honors cancellation requests.
The company offers to publishers a "Lashback Certified Safe Unsubscribe" seal. This is a small graphical image that publishers with a demonstrably working unsubscribe mechanism can display in their newsletters and on Web pages. Clicking the image leads the user to a separate explanation staing that the sender is certified by Lashback to honor removal requests and that any e-mail addresses entered are safe from spammers.
This is a great idea. Unfortunately, a quality seal from a little-known company doesn't exactly have the reassuring ring of "UL Certified" and other programs that are backed with millions of dollars of advertising.
Thanks to the so-called smart folks who invented the Internet's weak e-mail protocols, however, an ID effort from an obscure little software company is currently about the only guarantee of an unsubscribe mechanism that we've got.