Me: Hi (name), yes, we do have a need for your services from time to time. May I ask how you obtained my email address?
Vendor: I curated LinkedIn for contacts.
Me: This email address isn't associated with my LinkedIn account, and my employer is not visible to anyone who is not a Connection. Sorry, I'm just trying to figure out why I am getting so much spam.
Vendor: The paid subscription of LinkedIn Recruiter allows me to see people not in my immediate network. Most companies have a standard email format i.e. email@example.com. Once the format is known, then I just autofill with Excel.
So apparently spammers are using LinkedIn Recruiter to find names and companies then do a bit of hacking to find out the company email format. I'll call them SWULRs - Spammers Who Use LinkedIn Recruiter.
What can we do about this?
- Implement a better spam filtering solution. In the past I used mxLogic. After establishing service, you point your MX record to their servers, they filter out the spam and forward legitimate email to your Exchange server. Your Exchange server only accepts connections from mxLogic. They would never explain how they were filtering spam, but it was very effective. And very few false positives. Be sure to also send out through them so they can build whitelists automatically for return mail. Out-of-office autoreplies exempted, of course. A side benefit is disaster recovery; they spool inbound messages when your Exchange server cannot be reached.
- Change your company name in LinkedIn to "Company Confidential" and remove any descriptions of your company or parent company from the job description. However, your other connections may not do this and SWULRs may use their company names combined with your name in their attempts.
- Use something other than firstname.lastname@example.org or email@example.com as the email address standard at your company. Try firstname.lastname@example.org where nnn is the employee's payroll ID or just a random number. This requires convincing management of the need. Be sure to support your argument with the estimated cost of employee time lost dealing with spam. And watch out for the marketing department that wants email addresses to be pretty. You've already had to explain how email addresses and URLs should not contain uppercase characters.
- Not a solution, but good advice: Make sure your LinkedIn account is tied to your personal email account not your company email account. You may be changing employers in the future, may forget to change your email address, or may not be changing employers voluntarily; losing access to your company mailbox to confirm a password reset or email address change. This keeps company email addresses out of the LinkedIn database. And if anyone tries to send you a LinkedIn connect request through your company email, go to the LinkedIn website directly and add the contact from there. You don't want your company email address tied to your account in any manner.
Well to my knowledge Plaxo never sold themselves off to a mailing list company. But LinkedIn may be the new Plaxo, in terms of threat to email privacy.
Spam after all is a very inefficient means for vendors to reach clients. Better to make their service discoverable through internet search or listing sites such as Yelp, Angie's List and the like. There is a very small chance that a broadly targeted email solicitation will be of interest to a client, but a very large chance that a client searching for a service on the internet is ready to buy.
Vendors, please have someone available to answer the phone or email when that client contacts you. Seems like companies are allocating more resources to obtaining clients through marketing rather than maintaining adequate sales and customer service staff to facilitate actual sales. This past month I contacted 5 companies whose product or service I am interested in buying and only heard back from 1.
The above site is best viewed using Firefox or Safari in "reading view" to bypass the "register to view article" overlay.