The Social Notification Problem

If you have ever opened your spam folder and found a connection request from LinkedIn or a tagged-photo notification from Facebook, you have experienced this problem firsthand. Social platform notifications share many surface-level features with spam: they are sent in bulk, they often have eye-catching subject lines, they contain marketing-style HTML, and they arrive without you having explicitly requested each individual one.

Aggressive Bayesian classifiers can easily learn to mark them as spam, especially if a user has occasionally tagged "yet another LinkedIn email" as junk. Once mislearned, the classifier compounds the problem — every future LinkedIn notification reinforces the spam pattern.

The result is a slow drift: useful notifications start ending up in spam, the user stops reviewing the spam folder because it's mostly social mail they don't care about, and then they start missing actual job offers, security alerts, and direct messages. The classifier was trying to help.

Domain Matching Plus Authentication

Spam Killer solves this with a deliberately simple rule: if the sender domain matches the configured social domain list and the message passes both SPF and DKIM, classify it as [SOCIAL]. No content analysis. No score adjustment. No Bayesian feedback loop.

The default social domain list includes:

  • LinkedIn: linkedin.com, linkedinmail.com
  • Meta platforms: facebookmail.com, instagram.com, threads.net
  • X / Twitter: twitter.com, x.com
  • Discord: discord.com, discordapp.com
  • Reddit: redditmail.com
  • YouTube: youtube.com, youtube-noreply.google.com
  • Slack: slack.com
  • Pinterest: pinterest.com
  • TikTok: tiktok.com

And many more — see config.yaml.sample for the full default list. You can add or remove domains as needed; an internal communications team might add their corporate Slack-equivalent's notification domain, while a user who wants TikTok mail to be treated as spam would simply remove it from the list.

Why Authentication Is Required

The SPF and DKIM requirements are not just a formality. Social platforms are extremely high-value impersonation targets for phishing campaigns — fake LinkedIn "you have a new connection" emails and fake Facebook "your account has been locked" emails are some of the most common phishing patterns in the wild.

Real social platforms always pass SPF and DKIM. They have entire engineering teams maintaining their email infrastructure precisely because deliverability matters to them. A phishing email impersonating LinkedIn from an attacker-controlled IP cannot pass SPF for linkedin.com, and cannot generate a valid DKIM signature with LinkedIn's keys.

By requiring both checks, Spam Killer's [SOCIAL] classification effectively becomes a phishing filter for social-themed attacks. A message that looks like a LinkedIn notification but fails authentication cannot be classified as social — it falls through to normal spam scoring, where the heuristic engine will catch the suspicious authentication failure plus phishing language and tag it as [SPAM].
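The rule described above, sketched as an added example (this is not Spam Killer's own code). It assumes the receiving MTA records its verdicts in an Authentication-Results header under the constructed id mx.example.net, and that the SPF and DKIM domains must fall under the same listed domain as the From address; the function names and sample messages are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

SOCIAL_DOMAINS = {"linkedin.com", "linkedinmail.com", "facebookmail.com", "redditmail.com"}
TRUSTED_AUTHSERV_ID = "mx.example.net"  # assumption: the authserv-id your own MTA stamps

def match_social(domain):
    """Return the listed domain that `domain` equals or is a subdomain of, else None."""
    domain = domain.lower().rstrip(".")
    for listed in SOCIAL_DOMAINS:
        if domain == listed or domain.endswith("." + listed):
            return listed
    return None  # e.g. linkedin.com.example.org or notlinkedin.com

def auth_results(msg):
    """Map method -> [(result, domain)] using only headers stamped by our own MTA."""
    found = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv_id, _, rest = value.partition(";")
        if authserv_id.strip().lower() != TRUSTED_AUTHSERV_ID:
            continue  # added by the sender or a foreign hop: never trust it
        for part in rest.split(";"):
            res_m = re.match(r"\s*(spf|dkim)=(\w+)", part)
            ident = re.search(r"\b(?:smtp\.mailfrom|header\.d)=([^\s;]+)", part)
            if res_m and ident:
                domain = ident.group(1).rpartition("@")[2].lower()
                found.setdefault(res_m.group(1), []).append((res_m.group(2), domain))
    return found

def classify(raw):
    """Return "SOCIAL" only for a listed From domain with aligned SPF and DKIM passes."""
    msg = message_from_string(raw)
    listed = match_social(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    if listed is None:
        return "SCORE"  # not a social sender: normal spam scoring
    results = auth_results(msg)
    for method in ("spf", "dkim"):
        if not any(res == "pass" and match_social(dom) == listed
                   for res, dom in results.get(method, [])):
            return "SCORE"  # missing, failed, or unaligned authentication
    return "SOCIAL"

# Constructed sample messages (not real mail).
GENUINE = (
    "Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=bounce.linkedin.com;"
    " dkim=pass header.d=linkedin.com\nFrom: LinkedIn <invitations@linkedin.com>\n\nbody\n")
SPOOFED = (  # forged header from a foreign authserv-id, plus our MTA's real verdict
    "Authentication-Results: mail.linkedin.com; spf=pass smtp.mailfrom=linkedin.com;"
    " dkim=pass header.d=linkedin.com\nAuthentication-Results: mx.example.net;"
    " spf=fail smtp.mailfrom=linkedin.com; dkim=none\nFrom: LinkedIn <security@linkedin.com>\n\nbody\n")
```

Trusting the header by authserv-id is only sound if the MTA strips inbound Authentication-Results headers that already carry its own id, as RFC 8601 directs.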

How to Route [SOCIAL] Mail

Once tagged, social mail is easy to route in any mail client. The simplest rule is "subject contains [SOCIAL] → move to Social folder." Most people don't need anything more sophisticated.

For Gmail users, create a filter: Subject contains "[SOCIAL]" → Skip Inbox, Apply label "Social", Mark as read. The "Mark as read" is optional but recommended — most social notifications don't require any action, so leaving them unread just clutters the unread count.

In Outlook, create a Mail Flow Rule (or client-side rule): If subject includes "[SOCIAL]" → Move to folder "Social". You can also match on the X-Spam-Classification: social header for a cleaner rule that doesn't depend on subject text.

Apple Mail and Thunderbird both support similar rules. The key is consistency — pick one place for social mail to land and stick with it.

Why Not Just Block Social Notifications?

Some users ask: if these notifications are unwanted, why not just unsubscribe or block the sender domain entirely?

The answer depends on the user. For many people, social mail contains genuinely useful information mixed in with the noise — a job offer through LinkedIn, a security alert from an account, an actual personal message from a friend on a platform they don't otherwise check. Blocking it entirely is too aggressive. Routing it to a folder you check periodically is the right balance.

For users who genuinely don't want any social mail, Spam Killer makes that easy too: just set classification.social.enabled: false and let the regular Bayesian classifier handle them. They will mostly score as ham (because they pass auth and don't have spam content) and arrive in your inbox, where you can use platform-side notification settings to dial them down.