I’m not interested in this Nigerian restaurant’s emails…

Graham Cluley
Graham Cluley
@[email protected]

I'm not interested in this Nigerian restaurant's emails...

I get a lot of unwanted email.

Okay, so many of us get unwanted email.

Sometimes it’s from colleagues who have cc’d us into a discussion that we really didn’t need to be copied on, or a thread that started off useful, interesting, or amusing, but which you’ve rapidly lost interest in.

And, of course, most of us are also being sent large volumes of spam. Fortunately, the majority of spam can be quite successfully blocked by your email provider… if you think you’re getting a lot of spam as it is, check your junk or spam folder and see what you’re *not* seeing in your inbox.

But there is also a type of email that doesn’t fall into the above categories. And I’m thinking specifically today of unwanted newsletters.

There are cockwombles out there who seem to have got large amounts of amusement signing up my email addresses for newsletters that I’m not interested in. And because these newsletters don’t do the decent thing of actually *checking* whether someone wanted to sign-up for a newsletter or not (via double opt-in) I keep receiving the newsletters unless I go to the effort of unsubscribing or writing a filter to automatically delete them.

Here’s an example I received in the last few days:

Unwanted email

Subject: Get Chicken Sharwarma for Just 1,500 !!! Delivery Within Lagos. WhatsApp Direct Chat Link Inside

Message body:
Zaika Lupeju

Chicken Sharwarma For Just 1,500 Naira

To Place Order Call of WhatsApp <REDACTED>

Delivery Available

Well, it looks lovely – but a quick glance at the footer of the email reveals that this is an Indian and Chinese restaurant in Lagos, Nigeria. Just opposite the Fidelity Bank.

According to TripAdvisor, it’s the 24th best Chinese restaurant in Lagos (it lists a total of 30), and ranked 201st out of all of the 251 restaurants in the city. According to its website, Zaika Lupeju is open until 11pm or midnight each night of the week.

That’s all great – but I don’t think they’re going to deliver to me in Oxford, England, are they? Or if they did I’d have to give the delivery driver a stonking tip.

Zaika Lupeju should have confirmed that I really wanted to receive their newsletter. Unfortunately a surprising number of companies don’t bother, and some newsletter services (I’m looking at you MailChimp) have cynically changed their default so that double opt-in isn’t enabled by default.

Double opt-in refers to when a user has subscribed to a newsletter or other email marketing message by explicitly requesting it and *then* confirming their email address.

Typically this is done by sending a confirmation email to the address entered on the subscription form.

Subscription confirm

Double opt-in is great for people who want to run restaurants, like the Zaika Lupeju restaurant in Lagos, Nigeria. Because they can be sure that they’re only sending emails to people who are genuinely interested in buying food from them – and not piss off security bloggers in the UK.

Double opt-in is also great for regular internet users. You’re less likely to be sent as many newsletter updates the more that double opt-in is used.

But double opt-in is bad for mailing list services like Mailchimp, who can charge more money from their customers if their newsletters go to more people – regardless of whether those people have opted-in to receive an email or not.

That’s despite Mailchimp extolling the benefits of double opt-in until a few years ago:

Double opt in benefits

How times have changed.

Sign up to our free newsletter.
Security news, advice, and tips.

By the way, Zaika Lupeju doesn’t use Mailchimp.

For the newsletter they sent me, offering a Chicken Shawarma deal if I was ever wandering past their restaurant in Nigeria, they used another mailing service called Mad Mimi. I checked, and Mad Mimi actually has double opt-in enabled by default for its users.

That’s good. But what’s disappointing is they also give customers the ability to disable double opt-in, which means that anyone could sign up anyone in the world to receive a newsletter from the Zaika Lupeju restaurant in Lagos.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

2 comments on “I’m not interested in this Nigerian restaurant’s emails…”

  1. Chris Hough

    Typo alert:
    "signing up BY email addresses for newsletters that I’m not interested in."
    Should be "MY email addresses…"

    1. Graham CluleyGraham Cluley · in reply to Chris Hough

      Now fixed. Thanks Chris!

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.