The Social Network That Cried “Wolf!”
Tue, Jun 12, 2012 by Andrew Conway
If you’re reading this blog, then you’re probably aware that last week 6.5 million Linkedin passwords were compromised. On Friday the Cloudmark Research team saw a huge increase in user spam reports relating to resetting Linkedin passwords. These were not because spammers were trying to take advantage of the publicity around the Linkedin fail; those emails are stopped by our regular filters and never make it to the users. No, this was a real email from Linkedin telling people whose password had been compromised how to protect their account. Over four percent of the people receiving this email thought it was spam and sent it straight to the bit bucket. If Linkedin sends out 6.5 million emails, then a quarter of a million people are congratulating themselves on avoiding spam, and still have a compromised Linkedin password.
The Linkedin email did all the right things to be regarded as genuine. It was DKIM signed, it addressed the recipient by name, and it did not contain any links, just a request to type a Linkedin URL at the command line. Even so, it was taken for spam. Part of the problem is that people are used to getting email that they don’t want from Linkedin, and rather than unsubscribe, some of them just mark it as spam and hope that it will go away.
Here’s how Linkedin compares with other social networks in the amount of genuine mail they send that gets manually reported as spam by their users.
We are only taking data from DKIM signed messages here, so this chart does not contain spoofed phishing emails. As you can see, the compromised-account email did particularly badly, but Linkedin in general does worse than other social networks. What are they doing wrong?
When you sign up for a Linkedin account, you are not asked what your email notification preferences are. You are just given these defaults without being told:
If you want to turn these off, it isn’t exactly obvious where to go. No, it’s not under Profile or Contacts or In Box or More or even Upgrade Your Account – you have to click on the little arrow next to your name at the top right of the page and go to Settings on the drop down menu. Good luck finding that before your first cup of coffee.
When you do get an email from Linkedin, it may contain an Unsubscribe link (good) in tiny print at the bottom of the message (bad), it may contain an Adjust your message settings link (OK) in tiny print at the bottom of the message (blah), or it may not contain any opt out link at all (c’mon Linkedin, that’s not good enough). Best practice would be to allow email opt out at sign up time, and to make unsubscribing obvious, consistent and accessible from both emails and the web site.
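To make the two technical points above concrete, the measurement behind the chart (user spam reports counted only over DKIM-signed mail, so spoofed messages do not pollute the sender’s numbers) and the opt-out check (a List-Unsubscribe header or a visible unsubscribe/settings link), here is an added example. It is not code from this post, from Cloudmark or from Linkedin; the messages, domains, Message-IDs and report set are constructed, the DKIM-Signature values are placeholders whose presence is checked but never verified, and the opt-out detection is a simple heuristic I chose for illustration.

```python
# Added example (not from the Cloudmark post): per-domain "reported as spam"
# rate over DKIM-signed mail only, plus a check for missing opt-out paths.
import email
import email.utils
import re
from collections import defaultdict
from email import policy

# Constructed sample messages. Domains, Message-IDs and DKIM-Signature values
# are placeholders; the signature is never verified here, only its presence.
SAMPLE_MESSAGES = [
    # Signed; opt-out offered through a List-Unsubscribe header (RFC 2369).
    "From: notifications@example-network.test\r\n"
    "Subject: Alice, you have 3 new connection suggestions\r\n"
    "Message-ID: <m1@example-network.test>\r\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=example-network.test; s=sel; b=PLACEHOLDER\r\n"
    "List-Unsubscribe: <https://example-network.test/unsubscribe?u=1>\r\n"
    "\r\n"
    "Alice, here are people you may know.\r\n",
    # Signed; no header and no link, so the recipient has no way to opt out.
    "From: notifications@example-network.test\r\n"
    "Subject: Congratulate Bob on his work anniversary\r\n"
    "Message-ID: <m2@example-network.test>\r\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=example-network.test; s=sel; b=PLACEHOLDER\r\n"
    "\r\n"
    "Bob has been at Example Corp for 5 years.\r\n",
    # Signed; opt-out only as a settings link in the body text.
    "From: notifications@example-network.test\r\n"
    "Subject: Weekly digest\r\n"
    "Message-ID: <m3@example-network.test>\r\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=example-network.test; s=sel; b=PLACEHOLDER\r\n"
    "\r\n"
    "Your week in review.\r\n"
    "Adjust your message settings: https://example-network.test/settings/email\r\n",
    # Signed mail from a second network, for comparison.
    "From: alerts@other-network.test\r\n"
    "Subject: New comment on your post\r\n"
    "Message-ID: <m4@other-network.test>\r\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=other-network.test; s=sel; b=PLACEHOLDER\r\n"
    "List-Unsubscribe: <https://other-network.test/unsubscribe?u=1>\r\n"
    "\r\n"
    "Carol replied to your post.\r\n",
    # Unsigned message claiming the same From domain: excluded from the
    # measurement, as the post excludes spoofed mail from its chart.
    "From: security@example-network.test\r\n"
    "Subject: Reset your password now\r\n"
    "Message-ID: <m5@example-network.test>\r\n"
    "\r\n"
    "Please reset your password at the link below.\r\n",
]

# Constructed user reports: Message-IDs that recipients marked as spam.
SAMPLE_REPORTED_IDS = {"<m2@example-network.test>", "<m5@example-network.test>"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def parse_messages(raw_messages):
    """Parse raw RFC 5322 text into EmailMessage objects."""
    return [email.message_from_string(raw, policy=policy.default) for raw in raw_messages]


def is_dkim_signed(msg):
    """Presence check only; a real report would use the verifier's result."""
    return msg.get("DKIM-Signature") is not None


def sender_domain(msg):
    _, addr = email.utils.parseaddr(str(msg.get("From", "")))
    return addr.rpartition("@")[2].lower()


def message_id(msg):
    return str(msg.get("Message-ID", "")).strip()


def has_opt_out(msg):
    """True for a List-Unsubscribe header or a body link to an unsubscribe or
    settings page, the two mechanisms the post discusses (heuristic)."""
    if msg.get("List-Unsubscribe"):
        return True
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    return any("unsubscribe" in u.lower() or "settings" in u.lower()
               for u in URL_RE.findall(text))


def report_rates(messages, reported_ids):
    """Per sending domain: user spam reports / DKIM-signed messages delivered."""
    delivered, reported = defaultdict(int), defaultdict(int)
    for msg in messages:
        if not is_dkim_signed(msg):
            continue  # unsigned or spoofed mail is not the sender's own traffic
        dom = sender_domain(msg)
        delivered[dom] += 1
        if message_id(msg) in reported_ids:
            reported[dom] += 1
    return {dom: reported[dom] / delivered[dom] for dom in delivered}


def missing_opt_out(messages):
    """Message-IDs of signed messages that give the recipient no way to opt out."""
    return [message_id(m) for m in messages if is_dkim_signed(m) and not has_opt_out(m)]


if __name__ == "__main__":
    msgs = parse_messages(SAMPLE_MESSAGES)
    for dom, rate in sorted(report_rates(msgs, SAMPLE_REPORTED_IDS).items()):
        print(f"{dom}: {rate:.1%} of signed mail reported as spam")
    print("no opt-out path:", missing_opt_out(msgs))
```

Run as-is, the script reports the unsigned password-reset message as neither counted against the sender nor flagged for opt-out, which is the filtering the post relies on for its chart; the one message without any opt-out mechanism is the anniversary notification, the kind of unwanted mail the post says trains users to hit the spam button.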
Linkedin is like the little boy who cried, “Wolf.” By sending too much mail that people are not really interested in, they are getting ignored when they have something important to say.

Wednesday, June 13, 2012 at 08:56 PDT
[...] “Over four percent of the people receiving this [warning] email, thought it was spam and sent it straight to the bit bucket. If Linkedin sends out 6.5 million emails, then a quarter of a million people are congratulating themselves on avoiding spam, and still have a compromised Linkedin password,” said Cloudmark’s Andrew Conway. [...]
Wednesday, June 13, 2012 at 14:48 PDT
I’ve tried unchecking all those boxes, still getting email from Linkedin. Really pisses me off.
Wednesday, June 13, 2012 at 16:30 PDT
I got the mail about LinkedIn’s password breach. I went to LinkedIn, performed the required password change, and then deleted my account there.
Problem solved. Why give them personal information if they cannot be trusted with it?
Wednesday, June 13, 2012 at 18:55 PDT
What amrut said. Still get bullshit mail even after you turn off everything.
Thursday, June 14, 2012 at 07:52 PDT
Duh, this needs to go INTO THE APP, NOT AN EMAIL. This is practically rule #1 of secure communications.
Thursday, June 14, 2012 at 09:00 PDT
[...] to the email security firm Cloudmark, almost 4% of LinkedIn users that received emails from the company incorrectly marked those [...]
Thursday, June 14, 2012 at 11:35 PDT
[...] Source - CloudMark [...]
Thursday, June 14, 2012 at 13:53 PDT
[...] wouldn’t have to rely on emailing users to get them to change their own passwords, which the Cloudmark blog showed doesn’t work so well since those messages often get ignored like [...]
Thursday, June 14, 2012 at 18:16 PDT
[...] If Facebook were broken into, or an individual's account were stolen, then with a verified phone number on file Facebook could wipe the victims' passwords and send a new password by SMS. In other words, it would not have to rely on emailing users and asking them to change their passwords. The Cloudmark blog points out that the latter approach does not work well, since such mail is often taken for spam and ignored. [...]
Friday, June 15, 2012 at 02:30 PDT
[...] When social media spams back. Last week when LinkedIn sent out notifications to members about a problem with compromised passwords, about four percent, or a quarter of a million, were discarded as spam. The problem isn’t the content of the e-mails themselves, but that LinkedIn sends far too much e-mail to its users, according to the author of this article. Cloudmark [...]
Friday, June 15, 2012 at 05:01 PDT
Won’t help much if someone uninstalled the app due to security concerns. Good post though
Friday, June 15, 2012 at 16:09 PDT
[...] would not have to rely on emailing users to get them to change their own passwords, which the Cloudmark blog showed does not work so well, since those messages are usually ignored as [...]
Friday, June 15, 2012 at 23:06 PDT
[...] asking users to change their own passwords, according to TechCrunch. TechCrunch pointed to a recent Cloudmark blog post, which said that social network emails often get ignored as spam by users. The Facebook [...]
Saturday, June 16, 2012 at 01:36 PDT
[...] Following the link to the "Facebook Security" page, users learn how to create a strong, unique password, how to recognise online fraud, and how to tie their mobile number to the account, which will be needed to regain access to the page if it is hijacked. In that case Facebook will immediately send an SMS with a new password to the number given. Emails from the service suggesting that the user change the password themselves are often perceived as spam and ignored by account owners, as the Cloudmark blog notes. [...]
Monday, June 18, 2012 at 02:00 PDT
[...] necessarily the case that the person affected opens the mail promptly; for another, according to Cloudmark such mails often get stuck in spam filters. Disadvantages that an SMS to a number confirmed by the user [...]
Sunday, June 24, 2012 at 14:50 PDT
[...] have received spam, but are still sitting with a compromised LinkedIn password", says Andrew [...]
Tuesday, July 10, 2012 at 11:50 PDT
[...] if they want to ensure they are not the next victim of a security breach or virus attack. Recently, LinkedIn became the next high-profile company in the spotlight for the wrong reasons, with 6.5 million [...]