Spammers Have Started to Shorten Their URLs!

Shortened URLs are great for character-conscious Tweeters, marketers who want to track Web site visitors, and even perhaps an opportunity for venture capitalists who are investing in companies such as Bit.ly.

But they are also providing a boon to spammers.

MessageLabs, a division of Symantec, said today the presence of shortened URLs in spam had skyrocketed over the last few days and now appears in more than 2 percent of all spam.

The company says that the dozens of new URL-shortening services are allowing spammers to evade anti-spam tools that aim at Web domains known for sending spam. The services also inadvertently help spammers trick Internet users who would normally be wary of domain names like, say, Spammy.ru.

Spammers have long relied on redirecting services to mask their URLs. However, the URL-shortening services, which are free and require no registration, save them from having to register for a redirect site and, in some cases, solve a distorted-word puzzle (commonly called a “captcha”) to mask their domain name.

Matt Sergeant, an anti-spam technologist at Message Labs, said the culture of Twitter — with people urgently retweeting links, often without even clicking on them — is sure to contribute to the spam problem in the months ahead. “The entire trust model of clicking on the URL is completely broken,” he said. “You can’t trust any URL on there.”