Spamhaus & URL Shortening Services

On March 5th, Spamhaus announced a change to its DBL (Domain Block List). They're now breaking out a separate category of listings specific to spamvertized URL redirectors that appear in spam. Meaning, if URL redirectors like bit.ly show up in a lot of spam, they're likely to be listed in this new zone and are likely to be blocked by users of the Spamhaus DBL.

Spamhaus provides a mechanism by which ISPs and filterers can choose whether or not to block based on these listings -- there's a separate result code specific to this type of listing. If your spam filter allows it, you can customize your settings to block or not block based on this type of listing.

This new functionality from Spamhaus is rather a big deal, in my estimation. What they're doing is putting redirect services on notice that the days of blacklists avoiding listings of these services to prevent false positives are over; if your redirect domain shows up in spam, you have a problem that you need to address, and your domain is likely to get blacklisted if that problem persists.

By offering that separate result code, Spamhaus is effectively allowing filterers and ISPs to decide whether or not to respect these listings (block based on these listings). The choice is left to the ISP or filterer, but I am pretty sure that ISPs *will* indeed block based on these listings -- causing new, significant pain for redirect services who have ongoing spam issues.

I wouldn't want to be in bit.ly's shoes right now, but as somebody who receives over 750,000 spam emails every month, I applaud these efforts by Spamhaus to help address the ever-growing problem of spammers utilizing these redirectors to try to get around blacklistings. Redirect services need to put measures in place to prevent malicious misuse of their services -- and not few do that today. A site like a bit.ly needs to check and ensure that a URL doesn't land on a bad, blacklisted domain -- or else it risks finding itself blacklisted as a result.

No comments:

Post a Comment

Comments policy: Al is always right. Kidding, mostly. Be polite, and you're welcome to join in, even if it's a differing viewpoint.