Last week, the world collectively cursed under its breath after 6.5 million LinkedIn usernames and passwords were dumped onto the Internet. Now, a new report shows that LinkedIn’s attempts to warn users were hampered by the fact that nobody likes to read emails from LinkedIn.
According to Cloudmark, an anti-spam company interested in how email moves across the Internet, LinkedIn’s attempt to warn users about the compromised passwords did everything correctly. From Cloudmark:
It was DKIM signed, it addressed the recipient by name, and it did not contain any links, just a request to type a Linkedin URL at the command line. Even so, it was taken for spam.
This is bad news for LinkedIn, as it demonstrates the communication problem the company has with its users. According to Cloudmark, the password warning emails were manually marked as spam by 4% of users. That might not seem like an awful lot, but their data showed that around 1% or less of emails from Pinterest, Flickr, Tumblr, and Facebook were marked as spam.
Worse yet, their data also showed that over 2% of LinkedIn emails in general are marked as spam — well above the next highest on the list.
The trouble, says Cloudmark, is that LinkedIn’s email policies are extremely obtuse. When users sign up for the service, they are automatically added to eight email alerts, the controls of which are buried deep in the LinkedIn settings panel. LinkedIn emails do not always include unsubscribe links, and those that do are often extremely small. This led to users manually marking the emails as spam in desperation, and then ignoring vital communications from the company.
As a case study, the LinkedIn email debacle is particularly interesting. Many companies use an email strategy similar to LinkedIn, simply to get their email subscriber numbers up. In doing so, they hurt the impact of each email and may be distancing their audience. It’s no stretch of the imagination to assume that some might even stop engaging entirely with a website whose email practices actually annoy users — and add insult to injury with poor password security.
I guess what I am trying to say here is that websites should play nice with their emails, and keep their users happy.
- LinkedIn has been hacked, millions of passwords leaked
- One in three people are bored with Facebook
- IBM bans Siri, says its a security risk