| ▲ | 24 Hour Fitness won't let you unsubscribe from marketing spam, so I fixed it(ahmedkaddoura.com) |
| 67 points by daem 4 hours ago | 22 comments |
| |
|
| ▲ | bob1029 2 hours ago | parent | next [-] |
| > If you know someone on the 24 Hour Fitness engineering team, please share this with them. It's a one-line fix. One man's bug is another man's feature. |
|
| ▲ | rationalist 23 minutes ago | parent | prev | next [-] |
| If anyone from Shop.app is here, your unsubscribe does not work either (maybe due to VPN usage). But that's okay, Fastmail now automatically routes it to the spam folder where it belongs. additionally: Interesting, I set my email as a backup authentication for a luddite friend's Comcast email account, and I just discovered spam from Xfinity in my spam folder. Shame on you Xfinity Comcast. The problem: My understanding is the CAN-SPAM Act violations can only be prosecuted by states Attorney Generals, there is no civil action available. |
|
| ▲ | mattlondon 3 hours ago | parent | prev | next [-] |
| Sounds like they have not got CORS set up on their servers either? Surely it should not allow mutating requests from random origins not on an allowlist? |
| |
| ▲ | bigDinosaur 3 hours ago | parent [-] | | CORS has nothing to do with (dis)allowing 'mutating requests from random origins' on the server unless I'm misunderstanding what you mean. The origin is a browser concept. | | |
| ▲ | onion2k an hour ago | parent [-] | | Not sure why you're being downvoted. CORS is only a browser concept. If you fire off requests from something that isn't a browser (e.g. curl or a python script or whatever) CORS won't do anything. Servers need to validate the origin of requests properly if that's a problem. |
|
|
|
| ▲ | troupo 2 hours ago | parent | prev | next [-] |
| > OneTrust is literally a consent management platform focused on regulatory compliance, and 24 Hour Fitness is using it to violate consent regulations. I mean, OneTrust's entire raison d'etre is to violate consent regulations with flimsy deniability. |
|
| ▲ | imiric 3 hours ago | parent | prev [-] |
| How can you know that it "works"? Any company scummy enough to send spam to begin with, is capable of selling their customer data to a network of scummy companies that will do the same thing. I think most of the "unsubscribe" links are there to fulfill some legal obligation. They don't do what they're supposed to do, and might in fact be making things worse for the person who clicks them. The only solution I've found to work, beyond the usual spam filtering, is to setup email on your own domain, and give every company a unique address. The moment you want to stop receiving email from them, you simply block their address. This deals both with the original company, and with anyone they've sold your contact information to. |
| |
| ▲ | left-struck 20 minutes ago | parent | next [-] | | Nah, unsubscribe links absolutely work. I’m religious about unsubscribing the first time I get any email notification I don’t want from anyone. The result is I basically get no unwanted emails unless I sign of for something new. Compared to basically every other email inbox I’ve ever seen where people don’t unsubscribe… yeah it’s super clear that it works. I also use email aliases for every single account I have so if my email somehow leaks and I’m getting spam, i know exactly what account leaked it. That’s basically never happened though. The only problem I have with unsubscribe links is that sometimes the website is straight up broken, like the link is dead or the page unresponsive, and I wonder about how far down fixing that issue is on the engineering team’s todo. | |
| ▲ | nojs 18 minutes ago | parent | prev | next [-] | | it’s generally a poor marketing strategy to ignore explicit requests for list removal, because users manually flag the emails as spam which is catastrophic to your domain rep and will tank deliverability. the incentives are heavily in favour of removing people who unsubscribe | | |
| ▲ | chuckadams 11 minutes ago | parent [-] | | The List-Unsubscribe header was pioneered by Dave Rolsky, one of the more notorious spammers of the early 2000's. His reasoning was that most people were just going to hit delete, but anyone who went out of their way to unsubscribe was a squeaky wheel that would cause more problems for him if they got angry about their request being ignored. So he really did honor unsubscribe requests ... at least until adding them to the next spam campaign on a different list. |
| |
| ▲ | daem 3 hours ago | parent | prev | next [-] | | My solution to spam emails is this: https://ahmedkaddoura.com/writing/hide-my-email I create a unique iCloud Hide My Email anytime I need to give out an email. The issue here was I signed up for my 24 Hour Fitness membership in person at the gym where the cell service was bad and I couldn't get the WiFI to work, so I begrudgingly gave the guy my real email. While I could have easily blocked their domain, I took it as a challenge to get the emails to stop. | | |
| ▲ | rationalist 24 minutes ago | parent | next [-] | | I use Fastmail which allows me to have a catch-all with my own domain name. I don't need to set anything up to give out a unique email address I make up on the spot. I highly recommend this method. | | | |
| ▲ | iamacyborg 2 hours ago | parent | prev [-] | | Don’t they have a list unsubscribe header in the emails themselves? That’s effectively a requirement for senders of their size since Feb 2024. | | |
| ▲ | daem 2 hours ago | parent [-] | | I see this in the headers. But there was no option in the MacOS Mail client to unsubscribe. Only the Unsubscribe link in the body of the email. Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=member.24hourfitness.com; s=twentyfourhour; t=1762443065; bh=KDZeTqKlOBd6YUTrR6K4RMz9MA2BueBl6/LnKG57yqY=; h=From:Date:Subject:To:MIME-Version:Message-ID:List-Unsubscribe: Content-Type; b=Bq6qnq65i1EN6Df9A5TpcCn3AnNzE8yjkNdDYkapehQV727Jrma15ZU4e88I8Ckdk iH5CZrtJPlNqPscm3JWbuP4IavLVKDNf3Prlm4q75tTXE0IyaTPexyOoGTu+4PoAeG wEa8WaN6zfLl5AkPO0U+zjFHicSx3ooyNomFTI2AtSVoVHVPcubtZV8wRPUy4EV9mV pRBroHp1Uj/LCFRyZRScbs5plfxEpmd3wO9vnMsXW6jqOi19kqfOkhTUKpaRVxxJA+ /cMIq+Wh4TSpt6+22gcm4hLsCVNW0mAImjTZZ/yPFwoGpLaoPOia8aYde1mlROOoZi yx81OFO+90kRQ== | | |
|
| |
| ▲ | daem 3 hours ago | parent | prev | next [-] | | from 2025-10-26 to 2026-01-29 (the day I wrote this article), no_reply@24hourfitness.com sent me 40 spam emails. In the 33 days since I wrote this article, no_reply@24hourfitness.com sent me zero. | | |
| ▲ | fer 2 hours ago | parent [-] | | Assuming their mails follow a Poisson distribution, the 95% confidence interval for their new spam rate is 0-0.091 emails per day. |
| |
| ▲ | iamacyborg 2 hours ago | parent | prev [-] | | > How can you know that it "works"? Any company scummy enough to send spam to begin with, is capable of selling their customer data to a network of scummy companies that will do the same thing. That’s quite a stretch for a company sending marketing email with a broken unsub mechanism. | | |
| ▲ | chuckadams 8 minutes ago | parent [-] | | Considering how these companies are infamous for making it difficult to unsubscribe from their service in real life, I don't think it's too much of a stretch to attribute malice to how they conduct email communications. |
|
|
