Can Shortened URLs be Trusted?
MessageLabs, a division of Symantec, said today the presence of shortened URLs in spam has skyrocketed over the past few days and now appears in more than two percent of all spam.
Matt Sergeant, anti-spam technologist at Message Labs: “The entire trust model of clicking on the URL is completely broken. You can’t trust any URL on there.”
While pundits have been discussing for a while now how URL-shorteners are highly advantageous to spammers, I was still floored when I saw the chart in this article. Look at the massive spike over the last week of spam that is using URL-shortening services as a technique to evade filters.
Matt Sergeant's comment is dead on - the whole model of "trusting" URLs as an arbiter of quality is going away. Even if the URL-shortening services shake out to a point where there are only a couple big players left who are able to provide some level of trust / protection, the "average user" will not be informed enough to identify what is good and what is bad. This is the start of a whole new round in the spam wars.
