[Outages-discussion] LinkedIn spam, was: Virendra, please...
Jay Hennigan
jay at west.net
Sun Aug 3 17:30:32 EDT 2014
On 8/2/14, 4:59 AM, jrk1231-outml at nym.hush.com wrote:
> Actually, this could also happen by accident, too.
>
> It is my understanding (as told to me by LinkedIn support) that when you
> join LinkedIn, you give them permission to harvest your contacts and
> send requests to every contact that is not currently a member of
> LinkedIn as known by the email address for that person in your contact
> list. (Did you bother to read your ToS?)
Of course, for them to pull this off you also need to give them the
login credentials to your email account. These sites are rather sneaky
about the wording in the page that requests this, something like "invite
your contacts to join", and they typically forge the from address on the
invitations to appear as if you emailed your contacts directly.
I wonder how DMARC affects this stunt. The social media "spam your
contacts" script has probably morphed to modify the From address on
domains using DMARC to work around this.
By the way, it has been my experience that they attempt multiple spams
over several weeks once they harvest an address list.
--
Jay Hennigan - CCIE #7880 - Network Engineering - jay at impulse.net
Impulse Internet Service - http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV
More information about the Outages-discussion
mailing list