What further can URL shorteners and redirectors do to prevent abuse?
- Don’t string several shorteners/redirectors together!
- This includes ‘Don’t shorten other shorteners’ and ‘Don’t accept referrals from other shorteners.’
- The DBL has a specific return code for abused shorteners/redirectors listed in the DBL zone: 127.0.1.103.
- For more in-depth information, see our blog article Changes in Spamhaus DBL DNSBL return codes.
- Don’t redirect to domains whose ‘A’ record is listed on the SBL (and possibly the XBL – your decision).
- Check blocklists at the time of URL creation and again later, as traffic on the new URL ramps up (a day or a week later).
- Don’t allow users to change the landing URL after the redirect is created.
- Don’t provide an interstitial link to the spammer’s payload if abuse is detected: fully suspend the offending URL (return HTTP 404 or 410).
- Code a system to prevent automated URL creation (using good CAPTCHA or other bot-stopping tools).
- If you have access to the Spamhaus ZRD product, consider not creating URLs for brand new domains with no reputation.
- Do create and maintain role accounts & feedback loops (FBLs) to help detect abuse, and process that information promptly.
- The ISP Spam Issues FAQ can provide more tips on dealing with abuse of Internet resources in general, especially “Role Accounts & Feedback Loops”.
- Also see this article from SURBL about the issue for additional points of view and information.
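
The blocklist checks in the list above (DBL return code 127.0.1.103, the SBL lookup on the destination's 'A' record, and the later re-check) could be wired into a shortener as in this added example, which is not Spamhaus code. It assumes the public-mirror zone names `dbl.spamhaus.org` and `sbl.spamhaus.org`, hostname or IPv4 destinations only, and hypothetical function names; answers in 127.255.255.x are treated as query errors rather than listings.

```python
import socket
from urllib.parse import urlsplit

# Public-mirror zone names (assumption: substitute the zones of your own data feed).
DBL_ZONE, SBL_ZONE = "dbl.spamhaus.org", "sbl.spamhaus.org"
DBL_ABUSED_REDIRECTOR = "127.0.1.103"  # return code named on this page

def system_resolver(name):
    """Return the IPv4 A records for name, or [] when it does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def dnsbl_answers(query, zone, resolve):
    """Look up query in a DNSBL zone; 127.255.255.x is a query error, not a listing."""
    answers = resolve(f"{query}.{zone}")
    if any(a.startswith("127.255.255.") for a in answers):
        raise RuntimeError(f"{zone} returned an error code: {answers}")
    return answers

def check_destination(url, resolve=system_resolver):
    """Return (allowed, reason) for a landing URL submitted to the shortener."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return False, "no hostname in URL"
    is_ip = host.replace(".", "").isdigit()  # crude IPv4-literal test
    if not is_ip:  # the DBL lists domains, so skip it for IP literals
        dbl = dnsbl_answers(host, DBL_ZONE, resolve)
        if DBL_ABUSED_REDIRECTOR in dbl:
            return False, "abused shortener/redirector (DBL 127.0.1.103)"
        if dbl:
            return False, f"domain is on the DBL ({dbl[0]})"
    for ip in ([host] if is_ip else resolve(host)):
        reversed_ip = ".".join(reversed(ip.split(".")))  # DNSBL octet order
        if dnsbl_answers(reversed_ip, SBL_ZONE, resolve):
            return False, f"A record {ip} is on the SBL"
    return True, "not listed"

def recheck(links, resolve=system_resolver):
    """Re-run the check over stored {short_code: landing_url}; return codes to suspend."""
    return [c for c, url in links.items() if not check_destination(url, resolve)[0]]

if __name__ == "__main__":
    # Constructed DNS answers so the demo runs offline.
    fake = {"short.example.dbl.spamhaus.org": ["127.0.1.103"]}
    print(check_destination("https://short.example/x", lambda n: fake.get(n, [])))
```

Run `check_destination` when a URL is submitted and `recheck` on a schedule; short codes returned by `recheck` are the ones to answer with 404 or 410.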