I’m not interested in this Nigerian restaurant’s emails…

Graham Cluley
@gcluley

I get a lot of unwanted email.

Okay, so many of us get unwanted email.

Sometimes it’s from colleagues who have cc’d us into a discussion that we really didn’t need to be copied on, or a thread that started off useful, interesting, or amusing, but which you’ve rapidly lost interest in.

And, of course, most of us are also being sent large volumes of spam. Fortunately, the majority of spam can be quite successfully blocked by your email provider… if you think you’re getting a lot of spam as it is, check your junk or spam folder and see what you’re *not* seeing in your inbox.

But there is also a type of email that doesn’t fall into the above categories. And I’m thinking specifically today of unwanted newsletters.

There are cockwombles out there who seem to have got large amounts of amusement signing up my email addresses for newsletters that I’m not interested in. And because these newsletters don’t do the decent thing of actually *checking* whether someone wanted to sign-up for a newsletter or not (via double opt-in) I keep receiving the newsletters unless I go to the effort of unsubscribing or writing a filter to automatically delete them.

Here’s an example I received in the last few days:

Subject: Get Chicken Sharwarma for Just 1,500 !!! Delivery Within Lagos. WhatsApp Direct Chat Link Inside

Message body:
Zaika Lupeju

Chicken Sharwarma For Just 1,500 Naira

To Place Order Call of WhatsApp <REDACTED>

Delivery Available

Well, it looks lovely – but a quick glance at the footer of the email reveals that this is an Indian and Chinese restaurant in Lagos, Nigeria. Just opposite the Fidelity Bank.

According to TripAdvisor, it’s the 24th best Chinese restaurant in Lagos (it lists a total of 30), and ranked 201st out of all of the 251 restaurants in the city. According to its website, Zaika Lupeju is open until 11pm or midnight each night of the week.

That’s all great – but I don’t think they’re going to deliver to me in Oxford, England, are they? Or if they did I’d have to give the delivery driver a stonking tip.

Zaika Lupeju should have confirmed that I really wanted to receive their newsletter. Unfortunately a surprising number of companies don’t bother, and some newsletter services (I’m looking at you Mailchimp) have cynically changed their default so that double opt-in isn’t enabled by default.

Double opt-in refers to when a user has subscribed to a newsletter or other email marketing message by explicitly requesting it and *then* confirming their email address.

Typically this is done by sending a confirmation email to the address entered on the subscription form.

Double opt-in is great for people who want to run restaurants, like the Zaika Lupeju restaurant in Lagos, Nigeria. Because they can be sure that they’re only sending emails to people who are genuinely interested in buying food from them – and not piss off security bloggers in the UK.

Double opt-in is also great for regular internet users. You’re less likely to be sent as many newsletter updates the more that double opt-in is used.

But double opt-in is bad for mailing list services like Mailchimp, who can charge more money from their customers if their newsletters go to more people – regardless of whether those people have opted-in to receive an email or not.

That’s despite Mailchimp extolling the benefits of double opt-in until a few years ago:

How times have changed.

Sign up to our newsletter
Security news, advice, and tips.

By the way, Zaika Lupeju doesn’t use Mailchimp.

For the newsletter they sent me, offering a Chicken Shawarma deal if I was ever wandering past their restaurant in Nigeria, they used another mailing service called Mad Mimi. I checked, and Mad Mimi actually has double opt-in enabled by default for its users.

That’s good. But what’s disappointing is they also give customers the ability to disable double opt-in, which means that anyone could sign up anyone in the world to receive a newsletter from the Zaika Lupeju restaurant in Lagos.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

2 comments on “I’m not interested in this Nigerian restaurant’s emails…”

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.