I've been a Bitbucket user for many years and have received 17 invites for Jira Service Management, a product I'm otherwise unaware of, over the past two weeks. It's pretty annoying because I can't tell if it's spam (apparently not), if someone is really inviting me (if so, who??) or if it's just a random bug (if so, what do I do about it?). Not sure it qualifies as abuse, but I emailed abuse@atlassian.com anyway. If you have any other suggestions I'd appreciate it.

If you are not expecting to be invited, don't accept the invitation. Check with your company or the companies you work with the find out if they invited you to access their products.

As I said, anybody can sign up for the Atlassian SaaS products for free, and then can invite anybody to access their products simply by typing in an email address. It does appear that some entities are abusing this and using it as a way to try to get confirmation of emails for future spam or potential launch phishing scams.

If you can't confirm independently that the invitation is legitimate from an entity that you know, forward it to abuse@atlassian.com. Atlassian in investigating these sites to such down ones that are not legitimate.

"It does appear that some entities are abusing this and using it as a way to try to get confirmation of emails for future spam or potential launch phishing scams."

Agreed. I've sent the info on to abuse@atlassian.com.

This has got to stop. I have deleted 30+ and sent about 10 to abuse@atlassian.com

(Disclaimer: I am just another Atlassian customer, not a member of the Atlassian Team, and I have no special expertise in this type of spam prevention. This is all just my opinion and speculation.)

It is unfortunate that bad actors are abusing the system so prolifically at this time, but I'm not sure what Atlassian can do to proactively prevent it.

Anybody can send a message to your email address by either finding that email address on a list or using a program to systematically construct and send messages to email addresses. Atlassian does not control to whom invitation emails are being sent by any given site.

Atlassian can investigate sites that might be set up by bad actors if you forward the emails to abuse@atlassian.com. Perhaps they might be able to prevent the set up of additional sites by the same bad actors (based on the email address used by those bad actors). 

I'm not sure how Atlassian could prevent bad actors from creating other email addresses to use to set up additional sites, nor how they can prevent those sites from sending invitation emails other than by shutting down the sites after they have received notification via abuse@atlassian.com.

Atlassian also has no control over the ability of other entities to obtain your email address.

If you are not an Atlassian product user, you could set up your email client to consider any email from the atlassian.net domain as spam and subsequently ignore/delete it.

If you are an Atlassian product your, you would need to be more specific in identifying the domains/emails from which you expect to see legitimate emails.