Only hours after Slack started rolling out its Contact DM feature, the company is being forced to make changes in how it works thanks to the new feature being able send abuse to others through the service.
Thanks to the ability to customize the invitation message sent as part of a DM invite, it was possible for anyone to send abusive messages through it; and to make matters worse, unlike traditional email, there was no way to opt-out, block or filter the messages since they came from an official Slack address.
Slack has now disabled the ability to customize the messages, and acknowledged its misstep with the rollout in a message to The Verge: “After rolling out Slack Connect DMs this morning, we received valuable feedback from our users about how email invitations to use the feature could potentially be used to send abusive or harassing messages. We are taking immediate steps to prevent this kind of abuse, beginning today with the removal of the ability to customize a message when a user invites someone to Slack Connect DMs,” said Jonathan Prince, the company’s vice president of communications and policy.
Slack Connect’s security features and robust administrative controls are a core part of its value both for individual users and their organizations. We made a mistake in this initial roll-out that is inconsistent with our goals for the product and the typical experience of Slack Connect usage. As always, we are grateful to everyone who spoke up, and we are committed to fixing this issue.
Before, it was possible to create channels that feature multiple companies, but the aim was to be able to message anyone who uses Slack in private chats, even if they're not in your team. The feature was made available to teams with paid Slack subscriptions today, and is planned to be available on free plans soon. The goal, just like before, is for Slack to replace email, providing more agile communication both within an organization and between different ones.