Although we’ve been conditioned to view unsubscribe links as a legitimate means to exit mailing lists, experts now warn that they can act as bait for scammers.
As reported by WSJ, a recent study by DNSFilter revealed that one in every 644 clicks on unsubscribe links leads to potentially harmful websites. The risks vary from simple email validation—informing spammers that your inbox is active—to more malicious tactics like malware installation or phishing attempts on fraudulent web pages.
Michael Bargury, co-founder of AI security firm Zenity, indicated to WSJ that clicking these links signals to malicious actors that you are a real person. “It can make you a bigger target in the future,” he cautioned. Once your email is marked as responsive, cybercriminals may start building a digital profile for more sophisticated scams or social engineering schemes.
Charles Henderson from security firm Coalfire noted that seemingly genuine unsubscribe pages can actually be traps designed to steal credentials or deploy malicious code. “If the redirected site requests your password to unsubscribe, that’s a red flag,” WSJ quoted him as stating.
So what is the safer approach?
All three experts recommend using the “list-unsubscribe headers” supported by most email platforms. Mail clients use these headers to show a small opt-out link near the sender’s name, which lets you unsubscribe without navigating to external sites. These links are typically vetted by the email provider and deemed safer than clicking on links within the message body.
If that option is unavailable—or if the sender appears suspicious—it’s wiser to report the message as spam or set up email filters to block further communications.
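To see what a mail client has to work with, the following added example (not from the article or the WSJ report) reads the `List-Unsubscribe` (RFC 2369) and `List-Unsubscribe-Post` (RFC 8058) headers and reports whether a header-based opt-out exists. The function name, sample messages and domains are constructed for illustration, and the DKIM check RFC 8058 also requires is not performed here.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed sample messages (not real mail).
WITH_HEADER = """\
From: News <news@lists.example.com>
To: user@example.org
Subject: Weekly digest
List-Unsubscribe: <mailto:unsub@lists.example.com?subject=unsubscribe>,
 <https://lists.example.com/u/abc123>
List-Unsubscribe-Post: List-Unsubscribe=One-Click

Click here to unsubscribe: http://tracker.example.net/u?id=1
"""

BODY_LINK_ONLY = """\
From: Deals <deals@example.net>
To: user@example.org
Subject: Last chance

Unsubscribe: http://tracker.example.net/u?id=1
"""


def unsubscribe_options(raw):
    """Classify the opt-out routes a message offers via its headers."""
    msg = message_from_string(raw, policy=default)
    # RFC 2369: comma-separated list of URIs, each wrapped in <...>.
    uris = re.findall(r"<([^<>\s]+)>", str(msg.get("List-Unsubscribe", "")))
    # Only https and mailto targets are treated as usable here (assumption).
    https = [u for u in uris if u.lower().startswith("https://")]
    mailto = [u for u in uris if u.lower().startswith("mailto:")]
    # RFC 8058: one-click needs an HTTPS URI plus this exact header value.
    post = str(msg.get("List-Unsubscribe-Post", "")).strip().lower()
    one_click = bool(https) and post == "list-unsubscribe=one-click"
    if https or mailto:
        advice = "use the mail client's unsubscribe control"
    else:
        advice = "no usable header: report as spam or filter, skip body links"
    return {"one_click": one_click, "https": https,
            "mailto": mailto, "advice": advice}


if __name__ == "__main__":
    for name, raw in (("with header", WITH_HEADER),
                      ("body link only", BODY_LINK_ONLY)):
        print(name, unsubscribe_options(raw))
```

The body link in both samples is never parsed or followed; only the headers decide the outcome.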
For those who want to be proactive, tools like Apple’s “Hide My Email” can generate disposable addresses to safeguard your primary inbox. Browser extensions on Chrome and Firefox provide similar protections.
As Henderson bluntly states, “If you don’t trust the source, why would you trust their unsubscribe link?”