lartingyou Posted October 24, 2022 Share Posted October 24, 2022 Hello - currently, when spamvertised links are on tinyurl.com, abuse reports go to the hosting ISP (I think) which is abuse@cloudflare.com (see this sample). Cloudflare is ineffective, as it is merely the hosting ISP and I believe it serves no purpose sending reports there. However, the email abuse@tinyurl.com is very responsive - they shut down the URLs within an hour sometimes. I have been manually larting them for months, but it's much work and would be nicer for me (and make SpamCop more effective) if they received the abuse reports directly I think. Thanks for listening! Quote Link to comment Share on other sites More sharing options...
Lking Posted October 24, 2022 Share Posted October 24, 2022 The SpamCop parser is a tool for your use. You can add "others" to receive copies of the report. When you review the report for email you have submitted, BEFORE you press send, if you have a paid account, you can add the abuse email for tinyurl.com Quote Link to comment Share on other sites More sharing options...
lartingyou Posted October 25, 2022 Author Share Posted October 25, 2022 Ok, I gather from your answer that I have to pay to fix the problem (myself). Fair enough. What about all the other people who report those spams using TinyURLs that don't know that tinyurl.com links won't be terminated unless they send reports to the correct address? Quote Link to comment Share on other sites More sharing options...
Lking Posted October 25, 2022 Share Posted October 25, 2022 Historically the parser has had three objectives: 1) Identify the source of the spam & add the source to the SCBL, 2) Send a spam report to the abuse email of the source ISP, and 3) send spam reports to those advertised/linked in the spam. To maintain SpamCop's credibility there needed to be a zero false positive rate for identified spammers and spam reports sent. That included the lowest priority, links in the body of the spam, including TinyURLs. To differentiate between a TinyURL to a "drug store" and say an article in the New York Times each link would need to be followed, if still valid. All requires cpu cycles and this is the lowest priority. Clock cycles cost money. Everyone must set priorities on how to uses available resources. Quote Link to comment Share on other sites More sharing options...
lartingyou Posted October 25, 2022 Author Share Posted October 25, 2022 100% agree CPU is money, but I'm only asking a report go to a different address. I don't understand the argument about drug stores vs NY Times. Here's how Bit.ly is parsed (there is no following of links as far as I can see). I'm suggesting it work in a similar fashion for tinyurl.com: https://www.spamcop.net/sc?id=z6781795513z92e8821763db5d3a682e284b20ea47d3z#report Using the CPU is money reasoning, because reports for tinyurl.com go to abuse@cloudflare.com, there appear to be more steps in the handling (see the lines in red) compared to bit.ly (which just knows to use abuse@bit.ly). Quote SpamCop v 5.4.0 © 2022 Cisco Systems, Inc. All rights reserved. Parsing input: tinyurl.com Host tinyurl.com (checking ip) = 104.20.138.65Routing details for 104.20.138.65[refresh/show] Cached whois for 104.20.138.65 : abuse@cloudflare.comUsing abuse net on abuse@cloudflare.comabuse net cloudflare.com = abuse@cloudflare.comUsing best contacts abuse@cloudflare.com SpamCop v 5.4.0 © 2022 Cisco Systems, Inc. All rights reserved. Parsing input: https://bit.ly Host bit.ly (checking ip) = 67.199.248.10Routing details for 67.199.248.10[refresh/show] Cached whois for 67.199.248.10 : abuse@bitly.comUsing best contacts abuse@bitly.com I hope you can reconsider. 🙏 Quote Link to comment Share on other sites More sharing options...
RobiBue Posted October 26, 2022 Share Posted October 26, 2022 6 hours ago, lartingyou said: I hope you can reconsider. 🙏 Just to point out, Lking is a forum admin and has nothing to do with the way SC works. He just has more experience during all these years he's been doing it Back in the days when Julian set up SC, everything was fluid and you might have gotten through to have bitly and tinyurl report to said addresses. Unfortunately Cisco/IronPort is now at the helm of the ship and things work differently. You also have to take into consideration that SC checks the different databases be it for IP or for domain abuse addresses. Many of those abuse addresses get their mailbox full really quick if a spam slew is happening and therefore SC gets bounces and, even though the IP is entered in the SCBL, the report then ends up going to /dev/nul to save bandwidth since it would be returned undeliverable anyway.... HTH Quote Link to comment Share on other sites More sharing options...
lartingyou Posted October 26, 2022 Author Share Posted October 26, 2022 1 hour ago, RobiBue said: Back in the days when Julian set up SC, everything was fluid and you might have gotten through to have bitly and tinyurl report to said addresses. Unfortunately Cisco/IronPort is now at the helm of the ship and things work differently. I guess my behavior is showing my age. Indeed I'm old school with SpamCop. My account here doesn't show it, but on the old forum I was pretty active in the early to mid-2000s, even exchanged a few times with Julian. After I got a death threat on my phone at work in 2006 or so (I had been careless with my email alias when I informed a web site owner that his/her site had been hacked in a bank phishing scam), I scaled back my anti-spam (zombie fighting) activities. Not worth it! Interestingly, after all the manual LARTs I sent recently, the spams I get every day haven't used tinyurl.com for about 3 days... I'm not holding my breath. Quote Link to comment Share on other sites More sharing options...
gnarlymarley Posted October 31, 2022 Share Posted October 31, 2022 I think redirecting to the correct abuse address would require to know the whole IP subnet. Though if SC was able to add an exception look up table for Microsoft, then they should be able to add a look up table for trusts URLs that would save CPU for known URLs. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.