Applies to

  • Pro
  • Business
  • Enterprise

What to know about Smartsheet and spam

Report suspected bad actors and learn ways to help protect yourself against spam.


  • Smartsheet
  • Pro
  • Business
  • Enterprise

The collaboration features in Smartsheet help people and businesses do their work better. These same capabilities also make Smartsheet attractive to scammers who may attempt to use it to send spam. 

While the Smartsheet platform automatically detects these bad actors and shuts them down, automatic detection isn't always perfect. If you suspect that someone is using Smartsheet or Smartsheet’s name as part of a scam, let us know by contacting Smartsheet at—please include any suspect messages as attachments to your email message.

If you’ve already reported a scam to us, thank you! To help you understand more about this issue, here’s some information about common spammer tactics and things you can do to avoid their schemes.

What spammers do with Smartsheet

Spammers assemble lists of email addresses and then use the Smartsheet system to send spam emails to all of them. The vast majority of the people who get spammed aren't even Smartsheet users—they are just random people that the bad actors target.

How spammers get email addresses

Here are a few ways spammers collect email addresses:

  • They buy lists (legally or illegally).
  • They use harvesting programs—crawl and scrape programs—that scour the internet for instances of text that might be an email address.
  • They use dictionary programs (in the same way that hackers do). These products generate alphabetic/numeric combinations of addresses in sequence. While many of the results are incorrect, these dictionary programs can create hundreds of thousands of addresses per hour, guaranteeing that at least some will work as targets for spam.
  • You unwittingly volunteer your email address to a subscribe/unsubscribe online service. A common unsubscribe tactic is to blast millions of people with a false "you have joined a newsletter" email. When recipients select the Unsubscribe link, they are actually confirming that a real person exists at their email address.

Things you can do to protect yourself against spam

Here are a few best practices to help you reduce the amount of spam you receive.

Use spam filters. Most email providers include a spam filter in their offerings. If your provider doesn’t have one, consider switching to a provider that does.

NEVER respond to spam. When you respond to spam, you let the spammer know that yours is a valid email address. By responding to spam, even if it’s simply to say, “Stop sending me this,” you’ll actually encourage more spam.

Don’t click links in spam emails. Here's one trick you can avoid. Spammers will send email messages containing fake Unsubscribe links to validate your email address. Selecting Unsubscribe in this type of message will simply increase the amount of spam you receive.

Keep your web browser up to date. Stay protected from vulnerabilities that may exist in outdated software by using the latest version of your web browser. 

Use CAPTCHA for forms. Ensure your sheets and forms are not used for spam. Enable CAPTCHA for forms, and avoid publishing to non-authenticated users unless necessary.

Use a unique email address when you register on a website or join a group. When you need an email address to join a mailing list, sign up for services, request more information, or register for a service, use a unique email address that you create just for that purpose instead of your main email address. For example, when you need an email address to receive receipts via email, use a email address from a site like Gmail or Yahoo and create an address especially for that purpose. Consider using a similar strategy for posting to the web in social media, a listserv, a newsgroup, a contact page for a website, or other online forums where you need to use an email address for access.

You can create a modified version of your main email address—this allows you to filter emails sent to that modified address. For example, Gmail allows you to append a plus sign (+) and any combination of characters after the initial part of your email address, and you'll still receive the emails. For more information about how to do that, read this post in the Official Gmail Blog.

Was this article helpful?