TinyURL.com -- can spamcop send reports to abuse@tinyurl.com (rather than abuse@cloudflare.com)?

[lartingyou]

Hello - currently, when spamvertised links are on tinyurl.com, abuse reports go to the hosting ISP (I think) which is abuse@cloudflare.com (see this sample). Cloudflare is ineffective, as it is merely the hosting ISP and I believe it serves no purpose sending reports there.

However, the email abuse@tinyurl.com is very responsive - they shut down the URLs within an hour sometimes. I have been manually larting them for months, but it's much work and would be nicer for me (and make SpamCop more effective) if they received the abuse reports directly I think.

Thanks for listening!

 

[Lking]

The SpamCop parser is a tool for your use. You can add "others" to receive copies of the report.

When you review the report for email you have submitted, BEFORE you press send, if you have a paid account, you can add the abuse email for tinyurl.com

[lartingyou]

Ok, I gather from your answer that I have to pay to fix the problem (myself). Fair enough.

What about all the other people who report those spams using TinyURLs that don't know that tinyurl.com links won't be terminated unless they send reports to the correct address? 

[Lking]

Historically the parser has had three objectives: 1) Identify the source of the spam & add the source to the SCBL, 2) Send a spam report to the abuse email of the source ISP, and 3) send spam reports to those advertised/linked in the spam.

To maintain SpamCop's credibility there needed to be a zero false positive rate for identified spammers and spam reports sent. That included the lowest  priority, links in the body of the spam, including TinyURLs.

To differentiate between a TinyURL to a "drug store" and say an article in the New York Times each link would need to be followed, if still valid. All requires cpu cycles and this is the lowest priority. Clock cycles cost money. Everyone must set priorities on how to uses available resources.

[lartingyou]

100% agree CPU is money, but I'm only asking a report go to a different address. I don't understand the argument about drug stores vs NY Times.

Here's how Bit.ly is parsed (there is no following of links as far as I can see). I'm suggesting it work in a similar fashion for tinyurl.com: https://www.spamcop.net/sc?id=z6781795513z92e8821763db5d3a682e284b20ea47d3z#report

Using the CPU is money reasoning, because reports for tinyurl.com go to abuse@cloudflare.com, there appear to be more steps in the handling (see the lines in red) compared to bit.ly (which just knows to use abuse@bit.ly).

Quote

SpamCop v 5.4.0 © 2022 Cisco Systems, Inc. All rights reserved.

Parsing input: tinyurl.com

Host tinyurl.com (checking ip) = 104.20.138.65
Routing details for 104.20.138.65
[refresh/show] Cached whois for 104.20.138.65 : abuse@cloudflare.com
Using abuse net on abuse@cloudflare.com
abuse net cloudflare.com = abuse@cloudflare.com
Using best contacts abuse@cloudflare.com
 

SpamCop v 5.4.0 © 2022 Cisco Systems, Inc. All rights reserved.
Parsing input: https://bit.ly

Host bit.ly (checking ip) = 67.199.248.10
Routing details for 67.199.248.10
[refresh/show] Cached whois for 67.199.248.10 : abuse@bitly.com
Using best contacts abuse@bitly.com

I hope you can reconsider. 🙏

[RobiBue]

6 hours ago, lartingyou said:

I hope you can reconsider. 🙏

Just to point out, Lking is a forum admin and has nothing to do with the way SC works. He just has more experience during all these years he's been doing it
Back in the days when Julian set up SC, everything was fluid and you might have gotten through to have bitly and tinyurl report to said addresses.
Unfortunately Cisco/IronPort is now at the helm of the ship and things work differently.
You also have to take into consideration that SC checks the different databases be it for IP or for domain abuse addresses. Many of those abuse addresses get their mailbox full really quick if a spam slew is happening and therefore SC gets bounces and, even though the IP is entered in the SCBL, the report then ends up going to /dev/nul to save bandwidth since it would be returned undeliverable anyway....

 

HTH

[lartingyou]

1 hour ago, RobiBue said:

Back in the days when Julian set up SC, everything was fluid and you might have gotten through to have bitly and tinyurl report to said addresses.
Unfortunately Cisco/IronPort is now at the helm of the ship and things work differently.

I guess my behavior is showing my age. Indeed I'm old school with SpamCop. My account here doesn't show it, but on the old forum I was pretty active in the early to mid-2000s, even exchanged a few times with Julian. After I got a death threat on my phone at work in 2006 or so (I had been careless with my email alias when I informed a web site owner that his/her site had been hacked in a bank phishing scam), I scaled back my anti-spam (zombie fighting) activities. Not worth it!

Interestingly, after all the manual LARTs I sent recently, the spams I get every day haven't used tinyurl.com for about 3 days... I'm not holding my breath.

[gnarlymarley]

I think redirecting to the correct abuse address would require to know the whole IP subnet. Though if SC was able to add an exception look up table for Microsoft, then they should be able to add a look up table for trusts URLs that would save CPU for known URLs.