Ask HN: Is Gmail’s unsubscribe feature safe?

Got a spam email today. It had an unsubscribe link pointing to a random Azure blob. I click “Mark as Spam” and it offers me to unsubscribe instead?

This was worrying as I thought … well the unsubscribe is a dangerous link so how will it do it.

Turns out it uses a header like X-Unsubscribe-Web. I checked what that was set to, and in this spam it was some online newspaper. Looks legit but probably not the unsubscribe link. So they probably put a plausible link there to fool Google to not filter it out.

But in general X-Unsubscribe-Web could be set to something malicious.

And why is Google even discouraging me from reporting spam (or in this case… phishing)?

Comments URL: https://news.ycombinator.com/item?id=42230717
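
An added example, not part of the original post and not Gmail's own logic: a Python check that lists the targets in a message's unsubscribe headers and flags any that are not HTTPS or whose host lies outside the From domain, which is the mismatch the post describes. The sample message and its domains are constructed; `X-Unsubscribe-Web` is the header name as given in the post, and `List-Unsubscribe` is the standard RFC 2369 header.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Header named in the post, plus the standard RFC 2369 header.
UNSUB_HEADERS = ("List-Unsubscribe", "X-Unsubscribe-Web")

# Constructed sample message (hypothetical domains, not the spam from the post).
SAMPLE = """\
From: Deals <promo@shop.example>
To: user@mail.example
Subject: Offer
List-Unsubscribe: <mailto:leave@shop.example>, <https://news.other.example/unsub?id=1>
X-Unsubscribe-Web: http://cdn.shop.example/u/1

body
"""

def unsubscribe_targets(raw):
    """Return [(header, uri)] for every URI found in the unsubscribe headers."""
    msg = message_from_string(raw)
    found = []
    for name in UNSUB_HEADERS:
        for value in msg.get_all(name, []):
            # RFC 2369 wraps each URI in <>; fall back to the bare value.
            uris = re.findall(r"<([^<>]+)>", value) or [value.strip()]
            found.extend((name, u.strip()) for u in uris)
    return found

def audit(raw):
    """Flag targets that are not https/mailto or whose host is outside the From domain.
    From is spoofable, so an empty flag list is not proof the link is legitimate."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    report = []
    for name, uri in unsubscribe_targets(raw):
        parts = urlsplit(uri)
        if parts.scheme == "mailto":
            host = parts.path.rpartition("@")[2].lower()
        else:
            host = (parts.hostname or "").lower()
        flags = []
        if parts.scheme not in ("https", "mailto"):
            flags.append("not-https")
        if not from_domain or not (host == from_domain or host.endswith("." + from_domain)):
            flags.append("host-differs-from-sender")
        report.append((name, uri, flags))
    return report
```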