Opting In, Opting Out

Now, before I start going down this path, I want to be clear: this requires knowing (and I do mean knowing) who's sending you the email we're about to deal with. As always, if you don't know who sent it to you, consider it spam, and the steps below do not apply. In fact they could make things worse by increasing your spam load. More on that later.

The Sin of Omission

One of the very common techniques businesses use to attempt to establish an email relationship with you is a silly little checkbox that often looks something like this:

Yes, keep me informed of product updates!

Sometimes it's "helpfully" checked for you even. What they're really asking is "may we send you mail". Technically it's not spam because you asked for it by leaving that checkbox checked - you "opted in".

You'll find that little checkbox, or checkboxes very much like it, quite often when you're checking out of an on-line store, or perhaps when you install software on your machine. In the most egregious cases, it can be quite well hidden. You might find it only after you scroll down in some list of other options, for example, or in small print "below the fold" (off the bottom of the first screen full) of some web page.

A reputable company will use it to trigger a double-opt-in confirmation to join their mailing list. That means you'll still need to respond to a confirmation email before you'll actually start receiving their mailings. However, especially when it can be claimed to be part of a "business relationship" (and online purchases or software installs count), that confirmation isn't technically required, and is often omitted.

The lesson here: Any time you're filling in forms that require your email address, or any time you make an online transaction, and any time you install software, actively look for and unselect any requests to be placed on mailing lists, to send you updates, or to keep you informed by email.

Unless, of course, you really do want the email. Sometimes we really do want to be kept up to date, or whatever. Just make it a conscious choice.

Just Say No

Say you're like me and in your younger days you were lazy. You didn't know better, and you have companies or other concerns with which you occasionally do business sending you email. Maybe it's the latest sales flyer from an online store, or the latest upgrade announcement for the whiz-bang software you use once or twice a year.

What to do? Can you get them to stop?

The answer is a qualified yes.

The qualifications are this: you need to be able to tell what is and is not actually spam, and this really only applies to reputable companies.

Let's take an example. Let's say I purchased a shirt online at Joe's Shirt Shop on the internet. A couple of weeks later I start getting promotional material from Joe's Shirt Shop. Whoops! I forgot to uncheck the "keep me informed" button. Very technically I gave Joe's Shirt Shop permission to send me email.

Now, I know Joe's Shirt Shop. They're national, they have a good reputation, and I trust them. I just don't need their weekly email.

So, at the bottom of each email from Joe's Shirt Shop is an unsubscribe link.

This is not spam, I trust Joe and his Shirt Shop, so I hit the unsubscribe link. Joe, or his IT department, does the right thing - they remove me from their mailing lists, as requested.

I recently went through a round of this myself. I've been receiving email from various and sundry firms that I've done business with in the past. As a new marketing mail came in, I judged whether or not this was really from who it claimed to be, and if it was, I unsubscribed. As simple as that. And yes, it worked.

So obviously, avoid implicitly agreeing to receive email in the first place, but don't be afraid to unsubscribe from mailing lists you know to be legitimate. It does work. Really.

Just Say Maybe

So all that does beg the question: what if you're not sure? How do you tell whether something is "legitimate"?

Here are a few tests:

• If you've never hear of the company or sender, or know that you've never done business with them, go ahead and assume it's spam. (Note I did emphasize know that you've never done business with them - it only takes once, and it could have been some time ago. If you think you might have, continue on with the next tests.)

• If the unsubscribe instructions involve clicking on a link, will it actually go to where it says it will? For example, hover over this link to eBay: http://www.ebay.com. You should see that it doesn't go to eBay at all! That's a sign ... often a strong sign ... that what you're looking at is an attempt to deceive. On the other hand, if the link matches, like this one: Ask Leo!, where the text "Ask Leo!" makes sense as a match to the destination URL "http://ask-leo.com", then that's a good sign, and speaks to the link probably being legitimate.

• If the destination of that link doesn't make sense, or perhaps is in a foreign country, than you might be looking at another attempt to deceive. A reputable company will either route things through its own servers and domain names, or that of a reputable email service provider. For example the unsubscribe link for Joe's Shirt Shop mail should either be a link to a page on Joe's Shirt Shop's internet domain, or that of a mailing list provider such as aweber.com, lyris.com or others. Most importantly, if it goes off to a domain in a foreign country (say a domain ending in ".ru", for Russia, where sadly a lot of phishing attempts originate, or any of a host of others), then you probably want to think twice before clicking on it.

• If the instructions are to click on a link to send mail ... don't. Instead, copy the email address using copy/paste, or by hand even. The techniques I mention above about deception in URLs apply equally well to links for email addresses. In fact, all of the comments regarding the domain apply as well: it should somehow relate to the company involved, or a mailing list service.

If it passes those tests, then chances are you're dealing with a legitimate email, and my approach would be to follow the unsubscribe instructions.

If the email fails some of those tests, then I would treat it like any other piece of spam, and avoid the unsubscribe instructions completely.

Just Say Yes

Remember, this isn't about stopping all email. This is about making a choice. Getting the email you want, and not getting the email you don't.

In many cases email from a business relationship is, in fact, critical. Consider your bank, for example. If your bank has something to say to you, you're likely to want to hear about it. That's one of the reasons that phishing scams so often target banks - not only is the bank "where the money is", but recipients of those scams are likely to care about whatever their bank might be trying to tell them. Fortunately phishing scams typically fail one or more of the tests I've outlined above.

So you probably don't want to "opt out" of your bank's mailing list. In fact, you might even elect to give it a higher priority.

This is one of those situations where, if you've followed my recommendation to have multiple email addresses, you might elect to use your private, closely held email address. That way you know that any email coming in on other email addresses claiming to be from your bank are either forgeries, or at least unimportant. By registering your private email address with the institutions you trust and place high importance on, you know that anything truly important will be sent to that address.

It's All About Choice

For this class of email that we're cleaning up, it's all about choice. Choosing not to get email in the first place. Choosing to stop email from legitimate senders that we don't need. And even choosing to accept, and prioritize, the email that we do want.

Ultimately it's about consciously making choices to get less mail.

The power of choice is yours. Use it wisely.