Got a spam email today. It had an unsubscribe link pointing to a random Azure blob. I click "Mark as Spam" and it offers me to unsubscribe instead?<p>This was worring as I thought ... well the unsubscribe is a dangerous link so how will it do it.<p>Turns out it uses a header like X-Unsubscribe-Web. I checked what that was set to, and in this spam it was a well known online newspaper plus a bogus query string. So they probably put a plausible link (i.e. not a black list) to fool Google.<p>But in general X-Unsubscribe-Web could be set to something malicious, right?<p>And why is Google even discouraging me from reporting spam (or in this case... phishing).<p>Edit: I see there is now a report Phishing and that button treats me like an adult :-)
There used to be a button "report spam and unsubscribe" but it's gone now. Can only do one of those.<p>It's like Google is taking the position that if they respect opt outs, they're not spam, but that is absolutely not true. Especially if I didn't sign up