Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

2018-04-03 10:27 GMT-03:00 Leandro : > Hey guys. We just created an URL signature algorithm to be able to query > an entire URL at our URIBL: > > https://spfbl.net/en/uribl/ > > Now we are able to blacklist any malicious shortener URL. Now I will think > about some public

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

> > We just created an URL signature algorithm to be able to query an entire > URL at our URIBL: > > https://spfbl.net/en/uribl/ > > Now we are able to blacklist any malicious shortener URL > > > Leandro, > > Thanks for all you do! And good luck with that. But there are a few > potential problems.

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

> > > > Then the frequency is 10 per second, not 100ms. Querying more often > > > is a higher frequency. > > > > That is it! 10 per second or one every 100ms. The first is a flow rate > and > > the second is a frequency. > > One every 100ms is a frequency, agreed. > > Two every 100ms is a higher

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On Tue, 3 Apr 2018 11:21:35 -0400 Rob McEwen wrote: > Thanks for all you do! And good luck with that. But there are a few > potential problems. When I analyzed Google's shortners about a month > ago, I found that a VERY large percentage of the most malicious > shortened

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 4/3/2018 9:27 AM, Leandro wrote: We just created an URL signature algorithm to be able to query an entire URL at our URIBL: https://spfbl.net/en/uribl/ Now we are able to blacklist any malicious shortener URL Leandro, Thanks for all you do! And good luck with that. But there are a few

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On Tuesday 03 April 2018 at 16:43:09, Leandro wrote: > 2018-04-03 11:35 GMT-03:00 RW: > > On Tue, 3 Apr 2018 11:09:38 -0300 Leandro wrote: > > > 2018-04-03 10:34 GMT-03:00 Antony Stone: > > > > "IMPORTANT: Current limit is 100 ms per IP block. Lower frequencies > > > > require contribution.

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

2018-04-03 11:35 GMT-03:00 RW : > On Tue, 3 Apr 2018 11:09:38 -0300 > Leandro wrote: > > > 2018-04-03 10:34 GMT-03:00 Antony Stone < > > antony.st...@spamassassin.open.source.it>: > > > > "IMPORTANT: Current limit is 100 ms per IP block. Lower frequencies > > > require

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

> > > > > > > "IMPORTANT: Current limit is 100 ms per IP block. Lower frequencies > > > require contribution. Please contact us informing your IP or range, for > > > further details." > > > > This means, for example, your system do 10 queries at same second, then > the > > query frequency is

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On Tue, 3 Apr 2018 11:09:38 -0300 Leandro wrote: > 2018-04-03 10:34 GMT-03:00 Antony Stone < > antony.st...@spamassassin.open.source.it>: > > "IMPORTANT: Current limit is 100 ms per IP block. Lower frequencies > > require contribution. Please contact us informing your IP or range, > > for

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On Tuesday 03 April 2018 at 16:09:38, Leandro wrote: > 2018-04-03 10:34 GMT-03:00 Antony Stone: > > On Tuesday 03 April 2018 at 15:27:11, Leandro wrote: > > > Hey guys. We just created an URL signature algorithm to be able to > > > query an entire URL at our URIBL: > > > > > >

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

2018-04-03 10:34 GMT-03:00 Antony Stone < antony.st...@spamassassin.open.source.it>: > On Tuesday 03 April 2018 at 15:27:11, Leandro wrote: > > > Hey guys. We just created an URL signature algorithm to be able to query > an > > entire URL at our URIBL: > > > > https://spfbl.net/en/uribl/ > > I

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On Tuesday 03 April 2018 at 15:27:11, Leandro wrote: > Hey guys. We just created an URL signature algorithm to be able to query an > entire URL at our URIBL: > > https://spfbl.net/en/uribl/ I don't think I understand the following statement on that page: "IMPORTANT: Current limit is 100 ms per

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

Hey guys. We just created an URL signature algorithm to be able to query an entire URL at our URIBL: https://spfbl.net/en/uribl/ Now we are able to blacklist any malicious shortener URL. Now I will think about some public complain interface that automatic lists any correct malicious sample using

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 4/1/2018 7:10 PM, Kevin A. McGrail wrote: No, I don't think it's an April Fool's trick though it is possible. They announced this a day or 2 ago. See https://www.cloudconnectcommunity.com/ccc/ls/community/g-suite-feature-ideas/post/6320666165116928 and

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

02-20 (08:30 MST), Rob McEwen <r...@invaluement.com> wrote: >> >>> >>> RE: The "goo.gl >>> " shortner is OUT OF CONTROL (+ invaluement's response) >>> >> >> <https://tidbits.com/2018/04/01/google-sunsets-goo-gl-url-shortener/> >> > > april fools day :=) >

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

@lbutlr skrev den 2018-04-01 22:46: On 2018-02-20 (08:30 MST), Rob McEwen <r...@invaluement.com> wrote: RE: The "goo.gl " shortner is OUT OF CONTROL (+ invaluement's response) <https://tidbits.com/2018/04/01/google-sunsets-goo-gl-url-shortener/> april fools day :=)

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 2018-02-20 (08:30 MST), Rob McEwen <r...@invaluement.com> wrote: > > RE: The "goo.gl > " shortner is OUT OF CONTROL (+ invaluement's response) <https://tidbits.com/2018/04/01/google-sunsets-goo-gl-url-shortener/> -- Technically, Aziraphale was a Principali

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 03/18/2018 06:59 PM, RW wrote: On Sun, 18 Mar 2018 18:24:36 -0500 David Jones wrote: On 03/18/2018 06:01 PM, Alan Hodgson wrote: On Sun, 2018-03-18 at 17:14 -0500, David Jones wrote: I have Steve Freegard's DecodeShortURLs.pm installed but didn't get any HAS_SHORT_URL hits on this one:

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On Sun, 18 Mar 2018 18:24:36 -0500 David Jones wrote: > On 03/18/2018 06:01 PM, Alan Hodgson wrote: > > On Sun, 2018-03-18 at 17:14 -0500, David Jones wrote: > >> I have Steve Freegard's DecodeShortURLs.pm installed but didn't > >> get any HAS_SHORT_URL hits on this one: > > Is it getting any

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 03/18/2018 06:01 PM, Alan Hodgson wrote: On Sun, 2018-03-18 at 17:14 -0500, David Jones wrote: I have Steve Freegard's DecodeShortURLs.pm installed but didn't get any HAS_SHORT_URL hits on this one: https://pastebin.com/t85b0Bns Is it getting any hits? It

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On Sun, 2018-03-18 at 17:14 -0500, David Jones wrote: > I have Steve Freegard's DecodeShortURLs.pm installed but didn't get any > HAS_SHORT_URL hits on this one: > > https://pastebin.com/t85b0Bns Is it getting any hits? It definitely hits on that one in a test here. Note it needs Perl's

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 03/10/2018 10:57 AM, Rob McEwen wrote: On 3/10/2018 11:43 AM, Matus UHLAR - fantomas wrote: On 3/10/2018 11:22 AM, Matus UHLAR - fantomas wrote: this is apparently not the case of one url redirector (shortener) points to another shortener. I really hope that the DecodeShortURLs only

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 3/15/2018 11:13 AM, sha...@shanew.net wrote: You might take a look at https://developers.google.com/url-shortener/v1/getting_started 1 miion requests per day is the default limit. Excellent! Thanks for the suggestion. This should help me MUCH! But, unfortunately, it still leaves a

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

You might take a look at https://developers.google.com/url-shortener/v1/getting_started 1 miion requests per day is the default limit. On Wed, 14 Mar 2018, Rob McEwen wrote: On 2/20/2018 9:42 PM, Rob McEwen wrote: Google might easily start putting captchas in the way or

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 2/20/2018 9:42 PM, Rob McEwen wrote: Google might easily start putting captchas in the way or otherwise consider such lookups to be abusive and/or mistake them for malicious bots... This prediction turned out to be 100% true. Even though others have mentioned that they have been able to

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 3/10/2018 11:43 AM, Matus UHLAR - fantomas wrote: On 3/10/2018 11:22 AM, Matus UHLAR - fantomas wrote: this is apparently not the case of one url redirector (shortener) points to another shortener. I really hope that the DecodeShortURLs only checks fopr redirection at those known

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 3/10/2018 11:22 AM, Matus UHLAR - fantomas wrote: this is apparently not the case of one url redirector (shortener) points to another shortener. I really hope that the DecodeShortURLs only checks fopr redirection at those known redirectors (shorteners), not each http->https shortener and

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 3/10/2018 11:22 AM, Matus UHLAR - fantomas wrote: this is apparently not the case of one url redirector (shortener) points to another shortener. I really hope that the DecodeShortURLs only checks fopr redirection at those known redirectors (shorteners), not each http->https shortener and

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 3/10/2018 3:20 AM, Matus UHLAR - fantomas wrote: do you have an example of any chained redirection not suspicious? On 10.03.18 11:04, Rob McEwen wrote: I haven't examined the code for that plugin very much (yet!) but one type of very common redirect that is very innocent... is the fact

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 3/10/2018 3:20 AM, Matus UHLAR - fantomas wrote: do you have an example of any chained redirection not suspicious? I haven't examined the code for that plugin very much (yet!) but one type of very common redirect that is very innocent... is the fact that a MASSIVE percentage of web

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 07.03.18 10:59, sha...@shanew.net wrote: Just FYI, it does add 3.0 points as soon as it sees any chaining at all. The other 5.0 points get added at 10 redirections. That said, I think you're guess is right that redirections start to look really suspicious after just 3 or 4. do you have an

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

Just FYI, it does add 3.0 points as soon as it sees any chaining at all. The other 5.0 points get added at 10 redirections. That said, I think you're guess is right that redirections start to look really suspicious after just 3 or 4. On Sat, 3 Mar 2018, @lbutlr wrote: On Feb 26, 2018, at

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

John Hardin skrev den 2018-03-03 19:28: This is why the DecodeShortURLs plugin has an explicit limit of 10 lookups (and penalizes such with a total of 8 points). I’d guess more than one redirect is highly suspicious and more than two is probably a waste of time, just score 5.0 and be done with

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On Sat, 3 Mar 2018, @lbutlr wrote: On Feb 26, 2018, at 09:55, sha...@shanew.net wrote: This is why the DecodeShortURLs plugin has an explicit limit of 10 lookups (and penalizes such with a total of 8 points). I’d guess more than one redirect is highly suspicious and more than two is

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On Feb 26, 2018, at 09:55, sha...@shanew.net wrote: > > This is why the DecodeShortURLs plugin has an explicit limit of 10 > lookups (and penalizes such with a total of 8 points). I’d guess more than one redirect is highly suspicious and more than two is probably a waste of time, just score 5.0

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

2018-02-27 9:03 GMT-03:00 Rob McEwen : > On 2/26/2018 1:00 PM, Kevin A. McGrail wrote: > > DecodeShortURLs has been on my list of must-have plugins for years, so > I was a little surprised it took so long for someone to mention it > in this thread. > > Yeah, my firm is going

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

I will add it to the list, thanks. Regards, KAM On February 27, 2018 7:03:16 AM EST, Rob McEwen wrote: >On 2/26/2018 1:00 PM, Kevin A. McGrail wrote: >>> DecodeShortURLs has been on my list of must-have plugins for years, >so >>> I was a little surprised it took so long

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 2/26/2018 1:00 PM, Kevin A. McGrail wrote: DecodeShortURLs has been on my list of must-have plugins for years, so I was a little surprised it took so long for someone to mention it in this thread. Yeah, my firm is going to look at subsidizing it's addition to SA and Karsten agreed.  Just

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

> On Feb 26, 2018, at 11:00 AM, Kevin A. McGrail > wrote: > >> DecodeShortURLs has been on my list of must-have plugins for years, so >> I was a little surprised it took so long for someone to mention it >> in this thread. > Yeah, my firm is going to look at

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 2/26/2018 12:55 PM, sha...@shanew.net wrote: On Mon, 26 Feb 2018, David B Funk wrote: Just be careful how you do that "expand redirections until no more redirections" or you may get caught in a spammer trap. This is why the DecodeShortURLs plugin has an explicit limit of 10 lookups (and

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On Mon, 26 Feb 2018, David B Funk wrote: Just be careful how you do that "expand redirections until no more redirections" or you may get caught in a spammer trap. This is why the DecodeShortURLs plugin has an explicit limit of 10 lookups (and penalizes such with a total of 8 points).

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

2018-02-26 10:41 GMT-03:00 Dianne Skoll : > On Mon, 26 Feb 2018 00:07:54 -0600 (CST) > David B Funk wrote: > > > So my bet is that the spammers are crafty enough to check things like > > browser referrer, cookies, etc to detect/differentiate

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On Mon, 26 Feb 2018 00:07:54 -0600 (CST) David B Funk wrote: > So my bet is that the spammers are crafty enough to check things like > browser referrer, cookies, etc to detect/differentiate a browser vs a > link-checker. Yep. You need to fake your User-Agent (not

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

> Hi Guys! We provide an URIBL that already have a script in Perl to expand > redirections until no more redirections: I would be uneasy to follow such redirections on a production email system (as opposed to eg a spamtrap system). You are likely „confirming“ live email addresses to the

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

2018-02-26 3:07 GMT-03:00 David B Funk : > > Just be careful how you do that "expand redirections until no more > redirections" or you may get caught in a spammer trap. > > If you're going thru a professional redirect site like goo.gl or bit.ly > you're probably

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On Sun, 25 Feb 2018, LeandroCarlosRodrigues wrote: Amir Caspi wrote On that note -- regardless of what OTHER HW/SW solutions might do, since this is a SpamAssassin mailing list ... is there any facility to implement this in SA? That is, when calling the URIBL plugin, could it check both the

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On Sun, 25 Feb 2018 05:25:06 -0700 (MST) LeandroCarlosRodrigues wrote: > Amir Caspi wrote > > On that note -- regardless of what OTHER HW/SW solutions might do, > > since this is a SpamAssassin mailing list ... is there any facility > > to implement this in SA? That is, when calling the URIBL

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

Amir Caspi wrote > On that note -- regardless of what OTHER HW/SW solutions might do, since > this is a SpamAssassin mailing list ... is there any facility to implement > this in SA? That is, when calling the URIBL plugin, could it check both > the shortened URL and the expanded URL (for known

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 2018-02-21 (09:27 MST), Alex wrote: > > This is what DecodeShortURLs is for > https://github.com/smfreegard/DecodeShortURLs Aha! I knew something like that must exist! -- EIR OWN DESTINY. THEY TOUCH THE EARTH LIGHTLY.

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

> On Feb 21, 2018, at 12:45 PM, Dianne Skoll wrote: > > Someone earlier posted a link to https://github.com/smfreegard/DecodeShortURLs Oops, I missed that... must have thought it was just about decoding and not about SA. Thanks for clarifying! --- Amir

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 2/21/2018 2:41 PM, Amir Caspi wrote: On Feb 21, 2018, at 9:57 AM, Dianne Skoll wrote: That's why you only want to do it for URLs that are absolutely known to be shortened URLs. You have to keep a list of known URL-shorteners. On that note -- regardless of what

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

> On Feb 21, 2018, at 9:57 AM, Dianne Skoll wrote: > > That's why you only want to do it for URLs that are > absolutely known to be shortened URLs. You have to keep a list of > known URL-shorteners. On that note -- regardless of what OTHER HW/SW solutions might do,

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On Wed, 21 Feb 2018 12:41:05 -0700 Amir Caspi wrote: > On that note -- regardless of what OTHER HW/SW solutions might do, > since this is a SpamAssassin mailing list ... is there any facility > to implement this in SA? Someone earlier posted a link to

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 2/21/2018 11:48 AM, Anthony Cartmell wrote: Meanwhile - adding URI lookups (for URIs in the body of the domains) and/or the option to add 3rd party URI list lookups - is STILL is missing from MANY widely used anti-spam systems. If you mean following URLs in messages, you do need to be aware

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On Wed, 21 Feb 2018 16:48:40 + Anthony Cartmell wrote: > If you mean following URLs in messages, you do need to be aware that > this can break one-time login links. Big time. That's why you only want to do it for URLs that are absolutely known to be shortened URLs.

Re: Expanding shortened URLs (was Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response))

On 2/21/2018 11:44 AM, Dianne Skoll wrote: On Wed, 21 Feb 2018 16:35:27 + Karol Augustin wrote: I think the point here might be that if Google acted promptly on abuse spammers would stop using shorteners. True, that might happen. OTOH, I see about as many spams with

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

> Meanwhile - adding URI lookups (for URIs in the body of the domains) > and/or the option to add 3rd party URI list lookups - is STILL is > missing from MANY widely used anti-spam systems. If you mean following URLs in messages, you do need to be aware that this can break one-time login links.

Re: Expanding shortened URLs (was Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response))

On Wed, 21 Feb 2018 16:35:27 + Karol Augustin wrote: > I think the point here might be that if Google acted promptly on abuse > spammers would stop using shorteners. True, that might happen. OTOH, I see about as many spams with bit.ly shorteners as goo.gl shorteners

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 2/21/2018 11:12 AM, Dianne Skoll wrote: Really? This isn't rocket science. If I thought of it, I'm sure dozens if not hundreds of others have thought of it and implemented it. Meanwhile - adding URI lookups (for URIs in the body of the domains) and/or the option to add 3rd party URI list

Re: Expanding shortened URLs (was Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response))

On 2018-02-21 16:31, Dianne Skoll wrote: > On Wed, 21 Feb 2018 11:29:00 -0500 > Rob McEwen wrote: > >> Nevertheless, it is a shame to have to shift more of the burden onto >> spam filters to do more work (some of which requires MORE latency) - >> in order to partly mitigate

Re: Expanding shortened URLs (was Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response))

On Wed, 21 Feb 2018 11:29:00 -0500 Rob McEwen wrote: > Nevertheless, it is a shame to have to shift more of the burden onto > spam filters to do more work (some of which requires MORE latency) - > in order to partly mitigate Google's failure to prevent/correct the > abuse.

Re: Expanding shortened URLs (was Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response))

On 2/21/2018 11:11 AM, Dianne Skoll wrote: I guess I misinterpreted: "...such automated lookups could also put a huge extra burden on Google's servers..." from Message-Id Oh yeah, I'd forgotten about that part. it was a more minor point.

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On Wed, Feb 21, 2018 at 1:38 AM, @lbutlr wrote: > On 2018-02-20 (22:10 MST), Reindl Harald wrote: >> >> you may hit confirmation-urls (both ham and spam), trigger actions, trigger >> *one-time* urls which are invalid for the user after a dumb bot used

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On Wed, 21 Feb 2018 11:00:48 -0500 Rob McEwen wrote: > > [Expanding shorteners] been part of our practice for about a year now. > Excellent! I wish others would be as innovative and on top of things > as you are! Unfortunately, your statement doesn't alter my point you >

Re: Expanding shortened URLs (was Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response))

On Wed, 21 Feb 2018 10:58:17 -0500 Rob McEwen wrote: > On 2/21/2018 10:37 AM, Dianne Skoll wrote: > > The concern voiced in another email about overloading Google's > > infrastructure is quite charming and quaint. > My concern was NEVER about overloading google. I guess

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 2/21/2018 10:39 AM, Dianne Skoll wrote: We use HEAD requests to expand known URL-shorteners on a cluster that peaks around 60 msgs/s Thanks for that information. That is good to know! (b) and this isn't going to suddenly become a feature inside of many types of spam filtering hardware and

Re: Expanding shortened URLs (was Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response))

On 2/21/2018 10:37 AM, Dianne Skoll wrote: The concern voiced in another email about overloading Google's infrastructure is quite charming and quaint. My concern was NEVER about overloading google. My concern was about Google auto-blocking or throwing a captcha at very high volume and

Re: Expanding shortened URLs (was Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response))

Dianne Skoll skrev den 2018-02-21 16:37: We do a HEAD request and it works on most URL shorteners. The concern voiced in another email about overloading Google's infrastructure is quite charming and quaint. +1 some with icla could add this to spamasssassin with

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On Wed, 21 Feb 2018 02:30:40 -0500 Rob McEwen wrote: > (a) it might not "scale" for high volume mail flows and DNSBLs who, > like invaluement, process dozens (or more) spams per second. We use HEAD requests to expand known URL-shorteners on a cluster that peaks around 60

Expanding shortened URLs (was Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response))

On Tue, 20 Feb 2018 23:38:53 -0700 "@lbutlr" wrote: > As I suspected, it is possible to get the goo.gl target URL without > loading the site, though using curl is probably not realistic in this > specific case. We do a HEAD request and it works on most URL shorteners. The

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 2018-02-21 (00:52 MST), Charles Sprickman wrote: > > You can also see all the analytics by appending “.info” to the URL, eg: > http://goo.gl/ylUAd.info True, but that is a web browser solution, not something that could, for example, be scripted (well, not easily or

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

> On Feb 21, 2018, at 1:38 AM, @lbutlr wrote: > > On 2018-02-20 (22:10 MST), Reindl Harald wrote: >> >> you may hit confirmation-urls (both ham and spam), trigger actions, trigger >> *one-time* urls which are invalid for the user after a dumb bot

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 2/21/2018 1:38 AM, @lbutlr wrote: As I suspected, it is possible to get the goo.gl target URL without loading the site, though using curl is probably not realistic in this specific case. That is an idea worth exploring! Some might greatly benefit from that. However: (a) it might not

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 2/21/2018 1:17 AM, @lbutlr wrote: goo.gl (and other shorteners) are used for far more than email. That said, most my incoming email is rejected long before it get to any sort of URI lookups based on just the transaction information, That is to say, upwards of 90% of incoming mail is

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 2018-02-20 (22:10 MST), Reindl Harald wrote: > > you may hit confirmation-urls (both ham and spam), trigger actions, trigger > *one-time* urls which are invalid for the user after a dumb bot used them not > talking about that it would be illegal in many countries in

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 2018-02-20 (19:42 MST), Rob McEwen wrote: > > I ran stats on a sample set of a few thousand mailboxes, over a period of > several hours today (mostly during business hours for these particular > organizations who use these mailboxes) - and this produced a combined 24K

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 2/20/2018 6:05 PM, @lbutlr wrote: On 2018-02-20 (08:30 MST), Rob McEwen wrote: Spammers are starting to use this to evade spam filters, This is not news. Spammers have been using shortness since 3 seconds after tinyurl.com launched. My "this" was /*specifically*/

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 2018-02-20 (08:30 MST), Rob McEwen wrote: > > Spammers are starting to use this to evade spam filters, This is not news. Spammers have been using shortness since 3 seconds after tinyurl.com launched. > Keep in mind that, if a marketer is doing things the right way,

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 2/20/2018 12:21 PM, Reindl Harald wrote: we have well working outbound spamfilters Excellent! but just because someone has a google-shortener within a mail says *nothing at all* - frankly i even got a week ago a mail from my boss where the google-shortener was used for a only internal

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 2/20/2018 11:45 AM, Rob McEwen wrote: And we ALL have to constantly shift our tactics to deal with emerging realities like this one - or risk getting left behind by our competitors who do keep up. ALSO - Likewise, it was very frustrating that I had to spend hours late last night making

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 2/20/2018 10:57 AM, Reindl Harald wrote: and how do you imagine that i prevent paying customers to use whatever url-shortener? Perhaps use the SAME methods that an ESP would use to prevent a customer from sending an egregious phish (or terminate their account for sending a phish). Of

The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

RE: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response) WARNING FOR ESPs AND MARKETERS: Google's "goo.gl" shortner is OUT OF CONTROL. Spammers are starting to use this to evade spam filters, and Google isn't keeping up with the abuse, nor shutting th