LinkedIn SPAM - seen in PM's

I’ve had several users report receiving PM SPAM from LinkedIn.

These come in the form of emails sent to the special reply email addresses which are used by Discourse when notifications are sent out to users.
E.g. replies+nnnnnnnnnnnnnnnnn@reply.example.com

Somehow these email addresses are imported into LinkedIn (perhaps by contacts sync) and then used to invite you to LinkedIn.

The first line of the email is usually something similar to (but with a different name):

John Smith would like to connect on LinkedIn. How would you like to respond?

Or

I’d like to add you to my professional network on LinkedIn


In order to get ahead of these as I can see quite a number of my users have has messages in this form…

I’ve added a “filter” to the GMail account I use to handle mail for Discourse and set it to “Archive” / “Skip inbox” “Delete it” for those emails.

In my case I also added a label so I can track those emails if needs be later.

Hope this is helpful to someone to before it impacts their communities.

This might be helpful in the howto category - but I’ll leave that to the Discourse team to review.

4 Likes

This is due to LinkedIn stealing your address book and spamming every email address that you’ve communicated with. Not necessarily a bug in Discourse, but I think this may be worth handing in Discourse.

Maybe a PM from @system?

We recently noticed LinkedIn attempting to use your account to post messages on this Discourse forum. This can happen if you grant it access to your address book. Please refrain from doing so in the future.

5 Likes

I really think this is beyond a lot of users, they just press buttons when asked to…
… by very carefully designed user prompts and on-boarding processes in products like LinkedIn.

Educating a user about someone else’s product is not Discourse’s job.

Sadly it’s probably just a matter of filtering emails.

5 Likes

I just had this happen for the first time on my site - how irritating. Not a PM but a post!

I just realized that this could be helped by putting expiration dates in topic emails and also closIng topics. Anyway it is a fairly rare occurrence so maybe no action is needed.

Just a note - I ultimately ended up setting the GMail filters to “delete” as “skipping inbox” wasn’t doing the job right.

1 Like

Yes, I recommend you set the reply email account to automatically delete any incoming “reply” mails containing a FROM address that includes linkedin.com.

4 Likes

Awesome - this solves my problem. Nice gordian knot solution. :smile:

1 Like

FYI I just got another linkedin.com spam invitation, this time from someone in another language locale besides english… It got through to my discourse because the filter I created was explicit and the portuguese linkedin email uses a different email address. Now I’ve changed it so any matches to from:(@linkedin.com) will get deleted.

Unless you have LinkedIn staff in your community. :slight_smile:

2 Likes

heh. at this rate, I’m almost thinking it’s worth muting any linkedin staff who might decide to join my community to be able to block these crazy messages.

it’s bad enough that linkedin encourages this spamming of everyone in your addressbook… but then to do it from different email addresses in different locales. Jiminy cricket.

2 Likes