Shortened URLs and spamming

Shortened URLs are widely used on social networks such as Twitter, where the number of characters per message is limited. These URL shortening services can be used to create very short Internet addresses that automatically link to the URL of the page of interest.

Unfortunately, more and more spammers are using this kind of service to hide dubious addresses from an Internet resource. Anti-spam systems automatically analyze the URLs used by spammers, notably via RHSBLs (domain name blacklists) or URL analysis systems. By hiding real addresses behind URL shortening systems, spammers are more likely to get their spam through the anti-spam net. In the first half of 2009, the use of shortened URLs in spam represented around 0.5% of total spam volume. One year later, this concerns more than 5% of spam! The proliferation of this type of service, which reduces Internet addresses, also helps to spread the phenomenon.

But that’s without taking into account the reactivity of anti-spam systems. In fact, some publishers, such as ALTOSPAM, have been integrating systems for several years now that not only rely on the shortened URL, but also automatically retrieve the real redirection address for a more accurate analysis of the e-mail being processed. In this way, not only is the analysis of the e-mail made on the real URL, the one the end-user will actually see, but it also takes into account the fact that it was not directly the target URL, but a redirect.