In yet another setback for LinkedIn, it’s been revealed that thousands of email alerts sent out by the company in response to last week’s password scandal have been wrongly marked as spam.
The news probably doesn’t come as much of a surprise – following such a glaring security breach, it’s to be expected that many users would be more cautious in the face of any suspect emails.
The problem, though, was that these were actually legitimate emails, sent by LinkedIn to alert users to the security breach so they could take action to protect their accounts.
According to the email security firm Cloudmark, almost 4% of LinkedIn users who received emails from the company incorrectly marked those messages as spam. This figure is almost 50% higher than the normal rate of misidentified emails from the website, which means that a huge number of users are likely to have dismissed a vital warning.
Andrew Conway wrote on Cloudmark’s company blog:
“If LinkedIn sends out 6.5 million emails, then a quarter of a million people are congratulating themselves on avoiding spam, and still have a compromised LinkedIn password.”
The fact that so many people wrongly interpreted the LinkedIn emails as spam shows that many humans make surprisingly poor spam filters. One of the problems is that people have been brainwashed to expect phishing attacks or similar email scams following a major security breach, as hackers will often try to take advantage of people hunting for information. Sometimes, this can cause users to purge legitimate emails too quickly.
By all accounts, LinkedIn did everything correctly when it came to making sure its emails were not misidentified as spam. Conway pointed out that the company attached special code to make sure that spam filters identified the message as authentic, addressed recipients by name, and didn’t include any links in the body of the email.
So what went wrong?
One of the biggest errors LinkedIn has made is making it difficult for users to stop receiving unwanted email alerts from the company, said Conway. Users are given no option to ‘opt out’ of receiving emails when they first sign up, and as for actually unsubscribing – well, good luck trying to find out how to do that!
As Conway explains, LinkedIn is a modern-day case of the little boy who cried wolf – by sending out tons of junk that nobody’s interested in, the company has found that no one’s listening when it actually has something important to say.