LinkedIn Shows How To Do “Reset Your Password” Emails Right

We’re constantly bombarded with examples of how large well-known companies shoot themselves in the foot with poorly thought out client communications.

They commonly make foolish mistakes that send their messages to the user’s spam folder. Worse yet, many firms practically train their users to fall for the next “Phishing Fraud” campaign that makes it to their inbox.

That said, we occasionally run across a company that manages their client communications the right way. This is so rare, that it’s worth pointing out as an example to others.

A recent email from LinkedIn that we were asked to investigate shows exactly how responsible companies should communicate with their users.

The email in question:

Subject:     Reset your LinkedIn password
From:     LinkedIn Customer Service <kana@linkedin.com>

First notice that the message is from a simple and straightforward email address

“kana@linkedin.com”

not some convoluted or randomized address. Sending emails from nonsense addresses like:

“ldjuoewu7r98uew@hendrick.facebook.com”

makes it nearly impossible for the typical user to have any real idea about the email’s validity.

In addition, this message was delivered from an actual Linkedin.com server:

“from maila-ac.linkedin.com ([69.28.147.142])”

and not from some third-party marketing or web services company such as Response Systems or Securesuite.net, which again makes even an informed recipient wonder about its legitimacy.

Next, the IP address of the sending server (69.28.147.142) actually does resolve back (via reverse DNS) to the server claiming to have sent it: maila-ac.linkedin.com.

Note… you can perform Reverse DNS lookups (among other things) through our DNS Tools page at: http://www.onlymyemail.com/dns_tools/reverse_lookup
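A scripted version of the reverse-lookup check described above, written as an added example for this post (it is not code from the post or from OnlyMyEmail’s DNS tools). It parses the quoted Received line and applies forward-confirmed reverse DNS: the IP’s PTR record must name the claimed host, and that host must resolve back to the same IP. The stand-in DNS records at the bottom are constructed so the check can run offline; the LinkedIn pair mirrors what the post reports, the second pair is a deliberately mismatched one.

```python
import re
import socket

# Constructed Received header modelled on the one quoted in the post.
SAMPLE_RECEIVED = "from maila-ac.linkedin.com ([69.28.147.142]) by mx.example.net"

# "from <name> ([<ip>])" as most MTAs write it; the square brackets are optional.
RECEIVED_RE = re.compile(
    r"from\s+(?P<host>[A-Za-z0-9.-]+)\s+\(\[?(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]?\)")


def parse_received(header):
    # Return (claimed hostname, connecting IP) from a Received header, else None.
    m = RECEIVED_RE.search(header)
    if not m:
        return None
    return m.group("host").lower().rstrip("."), m.group("ip")


def system_reverse(ip):
    # PTR lookup through the OS resolver; empty list when nothing resolves.
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []


def system_forward(host):
    # A-record lookup through the OS resolver; empty list when nothing resolves.
    try:
        return socket.gethostbyname_ex(host)[2]
    except OSError:
        return []


def fcrdns_matches(host, ip, reverse=system_reverse, forward=system_forward):
    # Forward-confirmed reverse DNS: the IP's PTR must name the claimed host AND
    # that host must resolve back to the same IP, so both directions agree.
    ptr_names = {n.lower().rstrip(".") for n in reverse(ip)}
    return host in ptr_names and ip in forward(host)


def check_header(header, reverse=system_reverse, forward=system_forward):
    parsed = parse_received(header)
    return parsed is not None and fcrdns_matches(*parsed, reverse=reverse, forward=forward)


# Constructed stand-in DNS data so the check can run offline (see lead-in); the
# 203.0.113.x address and the .example/.test names are documentation placeholders.
FAKE_PTR = {"69.28.147.142": ["maila-ac.linkedin.com"],
            "203.0.113.5": ["vps-203-0-113-5.hosting.example"]}
FAKE_A = {"maila-ac.linkedin.com": ["69.28.147.142"],
          "mail.example-bank.test": ["203.0.113.5"]}
```

Passing `check_header(line)` without the fake resolvers uses the OS resolver, which is the same lookup the DNS Tools page performs.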

Even better, rather than simply giving lip service to account security, they apparently do monitor accounts for suspicious behavior and notify the account holder intelligently:

From LinkedIn

In order to ensure that you continue to have the best experience using LinkedIn, we are constantly monitoring our site to make sure your account information is safe.

We have recently disabled your account for security reasons. To reset your password, follow these quick steps:

1. Go to the LinkedIn website
2. Click on “Sign In”
3. Click on “Forgot Password?” and follow the directions on the website

Thank you,
The LinkedIn Team

Of utmost importance, notice that rather than providing hyper-links to their site’s log-in pages, they instead instruct the user to go to their website themselves in order to log in.

This practice alone significantly reduces the chance that users will be tricked by “Phishing Fraud” emails sent to them by criminals and con artists, because almost all such scams rely on end users having been thoroughly trained to “click here” by so many social networking and financial web sites.

If every communication from your bank, auction site or social network consistently told you to:

  1. Go to the company site
  2. Click on “Sign in”
  3. Then whatever else they want you to do

then users would become immediately suspicious of any such email claiming their account was suspended or under review if it asked them to “click here” and provided a hyper-link. Immediately suspicious is exactly what end users need to be nowadays, especially because it’s so easy to “display” one string of text, such as:

“https://signin.ebay.com/ws/eBayISAPI.dll?SignIn”

while actually linking to, and directing the user’s browser to, another site altogether (one controlled by the spammer).
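An added example (not from the original post) of how a mail filter can catch exactly the trick described above: anchor text that displays one URL while the href sends the browser to a different host. The HTML fragment is constructed for the example and the 203.0.113.x address is a documentation placeholder; the heuristic only judges anchors whose visible text looks like a URL, so a bare “click here” link is left for other checks.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed HTML fragment: the first anchor shows the eBay sign-in URL quoted
# in the post but points elsewhere; the second is consistent; the third shows
# no URL at all, so this heuristic deliberately leaves it alone.
SAMPLE_HTML = """
<a href="http://203.0.113.9/ws/signin">https://signin.ebay.com/ws/eBayISAPI.dll?SignIn</a>
<a href="https://www.linkedin.com/">https://www.linkedin.com/</a>
<a href="http://203.0.113.9/login">click here</a>
"""

# Visible text a reader would take for a URL or a bare hostname.
URL_TEXT_RE = re.compile(
    r"^(?:https?://)?(?P<host>[a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[/?#]\S*)?$", re.I)


class AnchorCollector(HTMLParser):
    # Collects (href, visible text) for every <a> element in the document.
    def __init__(self):
        super().__init__()
        self.anchors, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = (dict(attrs).get("href") or ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    # Hostname of a URL (scheme optional), lower-cased, without a leading "www."
    parsed = urlparse(url if "://" in url else "http://" + url)
    host = (parsed.hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def mismatched_links(html):
    # Return (shown text, real href) for anchors whose displayed URL names a
    # different host than the one the browser would actually be sent to.
    parser = AnchorCollector()
    parser.feed(html)
    return [(text, href) for href, text in parser.anchors
            if URL_TEXT_RE.match(text) and host_of(text) != host_of(href)]
```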

Imagine how much less spam all of us would receive and how much safer the Internet would be if Bank of America, Facebook, eBay, PayPal, MySpace and JP Morgan Chase (among many others) could understand these simple and straightforward principles.

Overall, this message is a perfect example of how to both keep your emails from being blocked by spam filters and prevent your users’ accounts from being phished. At the same time, it saves us all the endless spam sent from accounts that have been hijacked by spammers and other cyber-criminals.

- -

OnlyMyEmail is an award winning hosted spam filtering service and business email hosting provider. Our enterprise cloud computing anti-spam solution, the MX-Defender, has the highest capture rate of any spam filter ever tested in the VBSpam Challenge, blocking a record setting 99.9993% of all malicious and junk email.

Our Personal spam filtering system is also a Software as a Service (SaaS) solution and has won both the PC World "World Class Award" and also the PC Magazine "Editor's Choice Award."

OME-Kids is a webmail solution that protects children from spam and other harmful emails. OME-Kids offers unique Parental Controls that allow you to choose the level of security and oversight that's right for your child.


2 Responses to “LinkedIn Shows How To Do “Reset Your Password” Emails Right”

  1. Anthony Peluso says:

    I received this email today and thought the same thing. Not including links was a great idea.

    However, I’m still at a loss as to why I received it. I also received the same message on an account which doesn’t even have a LinkedIn account!

    I’m really hoping this is just a blanket response to the whole Gawker compromise. Not trying to ask you to do LinkedIn’s tech support, but any insight you might have would be most helpful.

  2. Anthony Peluso says:

    Just as an update, I discovered that’s exactly what it is, from LinkedIn’s Twitter…

    “As a proactive security measure, we’ve reached out to users potentially affected by the gawker breach to change their password.”

    Good on ’em.