Running ShrinkThisLink, a free link shrinker, isn't quite as easy as you might expect. As I recently mentioned, I recently commissioned a new spam detection system in order to try to pick up on links being used in spam without needing anyone to report the spam.
So far, this seems to be working quite well. One way I can tell that it's working is that the number of people emailing me in relation to spammed links has increased. You may be wondering right now how such an increase can be a good sign. If you are, you evidently haven't run a website which spammers attempt to (ab)use.
I endeavour to reply to every single legitimate email sent to ShrinkThisLink - by hand, not with any kind of automated system. Unfortunately, some people not only fail to recognise the email as spam and discard it, but proceed to click the links contained within. When faced with a page informing them that "the link you have attempted to view has been blocked due to spamming or other abuse" and providing them with an email address to contact "if you believe this is in error," some of these people then proceed to contact that address and ask for further details on the spammed offer. Surely replying to the email would make more sense? I've even had some who forward the spam on, which, I will admit, is a step up from the people who complain about a link being blocked, but don't actually mention what the link in question is.
Between the reports of spam and the spam that's been forwarded in requests for further information on the "fantastic offer," it has become evident that spammers have realised that they really don't need to set up a mail server (or compromise one) in order to send their spam. A disturbing trend is to use Yahoo! Groups invitations as a medium for spamming.
Yahoo! Groups invitations can be sent to any email address, and can contain text (including links) specified by the person sending them. Spammers are taking advantage of these two facts to point people at websites completely unrelated to Yahoo! Groups en masse. Yahoo! don't seem to be willing to do anything at all about this problem - I have personally reported several sets of Groups invitation spam, and have seen no evidence of them taking any action whatsoever.
My suggestion to Yahoo! - and indeed to anyone who currently offers an "invitation" sysem which allows the user to enter email addresses and arbitrary message content - is quite simple: change your approach. I understand that the concept of inviting people to the website can be useful; however providing a form which accepts whatever the user provides, slaps it in an email and sends it to whatever addresses that same user provides, is the wrong way to go about it. If you want to provide an invitation system, give the user a system which generates invitation links - either time-limited or single-use links. Make the user send the emails themselves. If they're genuinely trying to invite people (who they know) to the site, they'll be happy to send the links themselves (either via email or another form of communication such as posting the link on a blog or website, or sending it via instant message). Spammers won't be so interested in the invitation system, though, since it won't actually benefit them in any way.
If, for some reason, you really think you need to keep the email-sending system, do not allow URLs in the message content (or, alternatively, don't even let the user edit the message). If it's an invitation to a website, the website sending the email should automatically add the invitation link - and that should be the only link necessary (except perhaps a "don't send me these annoying invitation emails in future" link). Please stop inviting spammers to send as much spam as they like through your site for free. This means you, Yahoo!.
So far, this seems to be working quite well. One way I can tell that it's working is that the number of people emailing me in relation to spammed links has increased. You may be wondering right now how such an increase can be a good sign. If you are, you evidently haven't run a website which spammers attempt to (ab)use.
I endeavour to reply to every single legitimate email sent to ShrinkThisLink - by hand, not with any kind of automated system. Unfortunately, some people not only fail to recognise the email as spam and discard it, but proceed to click the links contained within. When faced with a page informing them that "the link you have attempted to view has been blocked due to spamming or other abuse" and providing them with an email address to contact "if you believe this is in error," some of these people then proceed to contact that address and ask for further details on the spammed offer. Surely replying to the email would make more sense? I've even had some who forward the spam on, which, I will admit, is a step up from the people who complain about a link being blocked, but don't actually mention what the link in question is.
Between the reports of spam and the spam that's been forwarded in requests for further information on the "fantastic offer," it has become evident that spammers have realised that they really don't need to set up a mail server (or compromise one) in order to send their spam. A disturbing trend is to use Yahoo! Groups invitations as a medium for spamming.
Yahoo! Groups invitations can be sent to any email address, and can contain text (including links) specified by the person sending them. Spammers are taking advantage of these two facts to point people at websites completely unrelated to Yahoo! Groups en masse. Yahoo! don't seem to be willing to do anything at all about this problem - I have personally reported several sets of Groups invitation spam, and have seen no evidence of them taking any action whatsoever.
My suggestion to Yahoo! - and indeed to anyone who currently offers an "invitation" sysem which allows the user to enter email addresses and arbitrary message content - is quite simple: change your approach. I understand that the concept of inviting people to the website can be useful; however providing a form which accepts whatever the user provides, slaps it in an email and sends it to whatever addresses that same user provides, is the wrong way to go about it. If you want to provide an invitation system, give the user a system which generates invitation links - either time-limited or single-use links. Make the user send the emails themselves. If they're genuinely trying to invite people (who they know) to the site, they'll be happy to send the links themselves (either via email or another form of communication such as posting the link on a blog or website, or sending it via instant message). Spammers won't be so interested in the invitation system, though, since it won't actually benefit them in any way.
If, for some reason, you really think you need to keep the email-sending system, do not allow URLs in the message content (or, alternatively, don't even let the user edit the message). If it's an invitation to a website, the website sending the email should automatically add the invitation link - and that should be the only link necessary (except perhaps a "don't send me these annoying invitation emails in future" link). Please stop inviting spammers to send as much spam as they like through your site for free. This means you, Yahoo!.
No comments have been posted on this entry.
Post a comment:
Sorry, comments have been disabled.
Sorry, comments have been disabled.