Scammers use fake ‘unsubscribe’ spam emails to confirm valid email accounts to be used in future phishing and spam campaigns.

For some time, spammers have been sending emails that simply ask if you wish to unsubscribe or subscribe. These emails do not explain what you are unsubscribing or subscribing to and are being used by spammers to verify if the recipient’s email is valid and susceptible to phishing scams and other malicious activity.

The “confirmation” emails use mail subjects, such as “We_need your confirmation asap”, “Request , please confirm your unsubscription”, and “Verification.”

The email messages are very basic, with just colorful boxes containing links asking whether you would like to unsubscribe or subscribe, as shown below.

Confirmation spam example 1

Confirmation spam example 2

If you click on the embedded subscribe/unsubscribe links, it will cause your mail client to create a new email that will be sent to many different email addresses under the spammer’s control.

New email created to verify your email address

When users send the above email, they expect to be unsubscribed from further emails. However, they are actually verifying for the spammers that their email address is valid and being monitored.
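A mail filter can look for this pattern before a user ever clicks. The following is an added example, not code from BleepingComputer: it assumes the links are `mailto:` URLs (the standard way a link opens a pre-addressed message in a mail client) and flags subscribe/unsubscribe links addressed to more recipients than a legitimate list would need. The threshold, the function names and the sample body are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qs, unquote, urlsplit

MAX_RECIPIENTS = 3  # assumed threshold, not from the article; tune for your mail flow

# Constructed sample body (the *.example addresses are placeholders).
SAMPLE_BODY = (
    '<a href="mailto:a@one.example,b@two.example,c@three.example'
    '?cc=d@four.example,e@five.example&amp;subject=unsubscribe">Unsubscribe</a>'
    '<a href="mailto:list-owner@news.example?subject=unsubscribe">Unsubscribe</a>'
    '<a href="https://news.example/prefs">Manage preferences</a>'
)

def mailto_recipients(href):
    """Return every address a mailto: URL would place in To, Cc or Bcc."""
    parts = urlsplit(href.strip())
    if parts.scheme.lower() != "mailto":
        return []
    fields = [unquote(parts.path)]
    for key, values in parse_qs(parts.query).items():
        if key.lower() in ("to", "cc", "bcc"):
            fields.extend(values)
    addrs = {a.strip().lower() for f in fields for a in f.replace(";", ",").split(",")}
    return sorted(a for a in addrs if a)

class MailtoLinks(HTMLParser):
    """Collect (href, visible text) for each <a href="mailto:..."> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        href = (dict(attrs).get("href") or "").strip()
        if tag == "a" and href.lower().startswith("mailto:"):
            self._href, self._text = href, []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def flag_harvesting_links(html_body):
    """Flag subscribe/unsubscribe mailto links that address many recipients."""
    parser = MailtoLinks()
    parser.feed(html_body)
    hits = [(text, mailto_recipients(href)) for href, text in parser.links
            if "subscribe" in text.lower()]
    return [{"text": t, "recipients": r} for t, r in hits if len(r) > MAX_RECIPIENTS]
```

A single-recipient `mailto:` unsubscribe link, which some legitimate lists use, passes this check; only the many-recipient form is flagged.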

Responding leads to more spam

As a test, BleepingComputer created a new email address that we never used on any website or service. Using this email address, we responded to various confirmation emails that we received on another email account. 

After sending unsubscribe/subscribe responses from the new account, in only a few days our new account became bombarded with spam emails.

This test further confirmed that spammers are using these subscribe/unsubscribe emails to refine their mailing lists and verify email addresses susceptible to these types of scams and phishing attacks. 

If you receive an email that just simply asks you to subscribe or unsubscribe, ignore it and mark it as spam.

No legitimate organization will send these types of emails without further explaining what the email is referencing.