Jump to content

TinyURL.com -- can spamcop send reports to abuse@tinyurl.com (rather than abuse@cloudflare.com)?


lartingyou

Recommended Posts

Hello - currently, when spamvertised links are on tinyurl.com, abuse reports go to the hosting ISP (I think) which is abuse@cloudflare.com (see this sample). Cloudflare is ineffective, as it is merely the hosting ISP and I believe it serves no purpose sending reports there.

However, the email abuse@tinyurl.com is very responsive - they shut down the URLs within an hour sometimes. I have been manually larting them for months, but it's much work and would be nicer for me (and make SpamCop more effective) if they received the abuse reports directly I think.

Thanks for listening!

 

Link to comment
Share on other sites

The SpamCop parser is a tool for your use. You can add "others" to receive copies of the report.

When you review the report for email you have submitted, BEFORE you press send, if you have a paid account, you can add the abuse email for tinyurl.com

Link to comment
Share on other sites

Historically the parser has had three objectives: 1) Identify the source of the spam & add the source to the SCBL, 2) Send a spam report to the abuse email of the source ISP, and 3) send spam reports to those advertised/linked in the spam.

To maintain SpamCop's credibility there needed to be a zero false positive rate for identified spammers and spam reports sent. That included the lowest  priority, links in the body of the spam, including TinyURLs.

To differentiate between a TinyURL to a "drug store" and say an article in the New York Times each link would need to be followed, if still valid. All requires cpu cycles and this is the lowest priority. Clock cycles cost money. Everyone must set priorities on how to uses available resources.

Link to comment
Share on other sites

100% agree CPU is money, but I'm only asking a report go to a different address. I don't understand the argument about drug stores vs NY Times.

Here's how Bit.ly is parsed (there is no following of links as far as I can see). I'm suggesting it work in a similar fashion for tinyurl.com: https://www.spamcop.net/sc?id=z6781795513z92e8821763db5d3a682e284b20ea47d3z#report

Using the CPU is money reasoning, because reports for tinyurl.com go to abuse@cloudflare.com, there appear to be more steps in the handling (see the lines in red) compared to bit.ly (which just knows to use abuse@bit.ly).

Quote

SpamCop v 5.4.0 © 2022 Cisco Systems, Inc. All rights reserved.

Parsing input: tinyurl.com

Host tinyurl.com (checking ip) = 104.20.138.65
Routing details for 104.20.138.65
[refresh/show] Cached whois for 104.20.138.65 : abuse@cloudflare.com
Using abuse net on abuse@cloudflare.com
abuse net cloudflare.com = abuse@cloudflare.com

Using best contacts abuse@cloudflare.com
 

SpamCop v 5.4.0 © 2022 Cisco Systems, Inc. All rights reserved.
Parsing input: https://bit.ly

Host bit.ly (checking ip) = 67.199.248.10
Routing details for 67.199.248.10
[refresh/show] Cached whois for 67.199.248.10 : abuse@bitly.com
Using best contacts abuse@bitly.com

I hope you can reconsider. 🙏

Link to comment
Share on other sites

6 hours ago, lartingyou said:

I hope you can reconsider. 🙏

Just to point out, Lking is a forum admin and has nothing to do with the way SC works. He just has more experience during all these years he's been doing it ;)
Back in the days when Julian set up SC, everything was fluid and you might have gotten through to have bitly and tinyurl report to said addresses.
Unfortunately Cisco/IronPort is now at the helm of the ship and things work differently.
You also have to take into consideration that SC checks the different databases be it for IP or for domain abuse addresses. Many of those abuse addresses get their mailbox full really quick if a spam slew is happening and therefore SC gets bounces and, even though the IP is entered in the SCBL, the report then ends up going to /dev/nul to save bandwidth since it would be returned undeliverable anyway....

 

HTH

Link to comment
Share on other sites

1 hour ago, RobiBue said:

Back in the days when Julian set up SC, everything was fluid and you might have gotten through to have bitly and tinyurl report to said addresses.
Unfortunately Cisco/IronPort is now at the helm of the ship and things work differently.

I guess my behavior is showing my age. Indeed I'm old school with SpamCop. My account here doesn't show it, but on the old forum I was pretty active in the early to mid-2000s, even exchanged a few times with Julian. After I got a death threat on my phone at work in 2006 or so (I had been careless with my email alias when I informed a web site owner that his/her site had been hacked in a bank phishing scam), I scaled back my anti-spam (zombie fighting) activities. Not worth it!

Interestingly, after all the manual LARTs I sent recently, the spams I get every day haven't used tinyurl.com for about 3 days... I'm not holding my breath.

Link to comment
Share on other sites

I think redirecting to the correct abuse address would require to know the whole IP subnet. Though if SC was able to add an exception look up table for Microsoft, then they should be able to add a look up table for trusts URLs that would save CPU for known URLs.
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...