LinkedIn is still trying to send me email despite years of rejections

July 4, 2017

Back in 2014 I wrote about LinkedIn sending me invitation spam emails and how they wanted me to agree to their terms of service (and join LinkedIn) in order to 'unsubscribe' from them. Of course I didn't do that; instead, as usual, I arranged to have all future email from LinkedIn to me to be rejected during the SMTP conversation on our external MX gateway (using one of our anti-spam features). Then I put the whole thing out of my mind.

You can probably guess what has happened since then. It's now closing in on three years that I've been rejecting all such LinkedIn email, and LinkedIn still attempts to send me some every so often on a semi-regular basis. I have no idea what's actually in the email, since the external MX gateway rejects it at RCPT TO time (and LinkedIn uses completely anonymous MAIL FROM addresses), but I suspect that it's more invitations.

Persistently sending email to addresses that fail at RCPT TO time makes LinkedIn's behavior functionally indistinguishable from spammers. Spammers ignore RCPT TO and other mail failures; so does LinkedIn. Spammers will send to dead addresses for years. LinkedIn? Check. I am sure that LinkedIn will claim that it has good reasons for its behavior, and perhaps it will even allege that it is merely doing the will of its users. It doesn't really matter. When you walk like a duck and quack like a duck, people who don't want ducks don't really care what you actually are (cf).

I believe that LinkedIn's behavior is illegal in Canada under our anti-spam legislation. I was going to say that this exposes LinkedIn to potential legal risks now that it's 2017 and the legislation is fully in force, but it turns out that the government suspended the right of private action recently. Since Canada is a loser-pays country for civil lawsuits, suing LinkedIn over this would always be risky, but now only the government can take them to court and I don't think that that's very likely.

(On the other hand, according to the website the government apparently has taken action against some big Canadian corporations over their spam, oops, 'marketing email'. So who knows.)

PS: These days there appears to be a LinkedIn unsubscribe page that doesn't immediately demand that you log in to LinkedIn. I haven't tried it; to put it one way, I don't particularly believe that leopards actually change their spots. I have no trust for LinkedIn at this point and thus no desire to actively provide them with any email addresses.

Comments on this page:

By Ewen McNeill at 2017-07-04 02:34:50:

I agree that LinkedIn are barely distinguishable from spammers. But I'm sure they would argue that it is "user initiated". The process is basically:

  • LinkedIn (strongly) encourages people to upload their entire address book to "find your contacts on LinkedIn"

  • For every email address not found in the LinkedIn database already, it sends email to that email address inviting that person to join LinkedIn. Each email contains something like "Joe Blogs invites you to connect on LinkedIn", which means typically you can guess which person decided to give LinkedIn your email address (if you receive the email).

  • If you don't respond, LinkedIn repeats that email invitation 3-4 times, with some sort of backoff, and then eventually stops for that person.

  • Lather, rinse, and repeat when the next person "finds their contacts on LinkedIn" by uploading their address book....

I see this periodically for a whole range of addresses, having used per-service email addresses (with my own domain) for about the last decade.

More recently I've been considering officially complaining to the Privacy Commissioner about some of the NZ-based uploaders of my email address, because it appears an obvious breach of the Privacy Act to send private details (my email address) collected for some non-LinkedIn purpose to a third party organisation in a foreign country. (I suspect the Privacy Commissioner would put it at the bottom of their long todo list, but it would make me feel better.)

You may possibly want to consider receiving the LinkedIn email into a mailbox that you don't have to read, and then periodically looking at it to figure out who gave LinkedIn your email address this time. Shaming those people will sometimes work (eg, I have seen apologies of "I didn't know it would do that" at times -- but LinkedIn has behaved in this almost-a-spammer way for many years, so personally I find "I didn't know it would do that" hard to believe).


By Greg A. Woods at 2017-07-05 19:19:22:

I don't think it is even a tiny bit fair to compare what LinkedIn does to what real spammers do.

LinkedIn is just trying to leverage the "if you tell two friends and they tell two friends" scheme to bump up their membership, which is exactly what all the other social networks do too. They do try to give strong advice to only invite and connect to real people who you actually know in real life. Not that that stops many of the folks who've just heard about you from someone else, or found you on the web somewhere, etc.

I suppose one could argue they're a bit like a badly managed mailing list because you don't get a chance to opt-in -- you're immediately on the "your colleague wants to invite you" list and they don't immediately unsubscribe you even if you reject their message because they trust your "colleague" more than they trust your mailer.

I think they do give up though, eventually. Until the next time someone invites you again.

They also invite users to withdraw invitations that haven't been answered, though I doubt many do withdraw invitations, and especially not those who have the goal of collecting as many connections as possible.

Of course if you do create an account on LinkedIn, and associate your well known email address(es) with that account, then the invite notifications can be "corralled" to stay just on the site, and you can click "ignore" on the ones you don't want to connect with. I.e. you can only turn off email delivery of invites if you sign up and register your email with them. :-)

I don't know what would happen if you signed up, registered your address(es), turned of all email notifications, then never logged in again. Perhaps they would leave you alone, but I wouldn't bet on it -- Facebook doesn't. I hadn't logged in for two years or more and was still getting Facebook email as much as once a day. I accidentally logged in one day by forgetting to open a facebook link in an incognito window and the email frequency seemed to increase again for months.

Written on 04 July 2017.
« Re-applying CPU thermal paste fixed my CPU throttling issues
How I shot my foot because the Bourne shell is different »

Page tools: View Source, View Normal, Add Comment.
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Tue Jul 4 00:22:52 2017
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.