> is it really true that hitting the "Spam" button on a site like Yahoo or Gmail informs the sender of your email address?

Yes. The feedback loop shows the sender who marked the mail as spam.

> What is a user supposed to do in the case of an accidental bump of the "Spam" button? Is there really no way to undo the damage (both to the sender and to the willing recipient)?

There is no good solution, it kind of sucks for both the sender and the receiver. When you click that spam button, intentional or not, I can no longer send you email until going through a sometimes laborious process of working with the email service to get the email unblacklisted. If you really want to receive email again, send an email to the company/person and let them know you accidentally clicked the spam button so they can work it out with the email provider.

Gmail handles this the best IMO as it gives the user ~5 seconds to click "undo" before reporting the spam. As far as I can tell most other email clients are instantaneous.

That's maddening. The really frustrating part is that this effect (and especially the "can't undo" part) is completely invisible to the user. Like I said, my wife missed out on some rather important messages about an upcoming event that we were attending because of this. (After a couple of months, when the event was a few weeks away, I believe she got a message from the organizers letting her know that they hadn't been able to contact her but did she really think they were sending spam. Much frustration ensued.)

It's called a feedback loop[1] and yes they do pass email addresses, but only to whitelisted (theoretically legit) senders. This has been true for years.

I think the fear of "confirming an email address is valid" is unfounded. A list of valid email addresses of people who actively report messages they don't want as spam is not worth anything to a spammer and it would be illegal for a US company to do anything with the list of unsubscribes or spam reports anyway.

I'm not aware of any simple and universal solution to "undo" an accidental spam button click.

[1] http://en.wikipedia.org/wiki/Feedback_loop_(email)

I guess I always assumed that spammers didn't particularly care whether what they do is legal or not (and certainly that they didn't much care whether the people they contacted wanted to get their messages). Is this a flawed impression/prejudice left over from the ancient days of the internet? Because I've been floored by the number of folks here on HN saying that they click the "unsubscribe" link within an email for any reason, let alone in preference to their email provider's internal "spam" button.

Well, let's be clear: I wouldn't advise clicking anything in a V1@GRA-type likely illegal spam message.

But if we're talking about newsletters your don't remember signing up for or marketing emails or invites to a new social network, the unsubscribe usually works and will almost never harm you. AFAIK it's a myth that there's this huge black market for "valid" email addresses. Spammers don't want a list of people who click unsubscribe; they ain't gonna buy anything. There are way easier ways to find email addresses on the internet. And it would be crazy (and possibly illegal) for any sort of semi-legit company to sell their unsubscribe list.

Anything send by an actual company -- especially anything sent through any of the major email providers -- will almost certainly have a working unsubscribe. It's almost impossible to send a message in MailChimp without a working unsubscribe.