Here's an example from last night.
This was the email notification I got overnight:
Notice that the original posting included a signature that I'm sure was an attempt at a link.
Here is the post I see this morning:
Note that the signature is gone, and the spammy link is in the body of the post.
I do think this is best done with two separate permissions.
HTTPS Please!