Spam and Malware Protection

Yesterday’s New York Times warns that spammers have started using URL shorteners. The article quotes a corporate-email expert who takes a dim view of micro-blogging services: “You can’t trust any link on there.”

But that really doesn’t seem to be the case. In a typical week, users click on 160 million short URLs, and flags 2-3 million links as spam. In other words, the overall spam rate is pretty low. That might have to do with the nature of social media — why follow someone who spams you? — and partly to do with the spam controls that the team has put in place. has always offered four kinds of protection against spam and malware. The first is transparency. Our preview plug-in allows users to see the long urls behind shortened hashes. Our API allows applications like TweetDeck and Twitter Search to offer special previews for anyone worried about clicking on short URLs. And you can append a + to any link in order to see information about it, including the destination URL.

Second, integrates real-time spam-filtering services like SURBL and Google Safe Browsing. We use multiple filters, and we’re looking for more; we recently reached out to several companies with promising technology, including the one mentioned in the New York Times.

When a link or a domain is flagged as spam, we don’t delete or remove it. Instead, taking our cue from Firefox and other browsers, we offer an interstitial warning page. It wouldn’t be appropriate for us to freeze or delete the short URL, because that might make seem broken.

Third, we don’t recycle hashes, or allow users to change mappings once they’ve been created. Spammers can’t bait and switch by offering quality content first and then malware. A short URL will take you to the same destination on every click.

Our community manager, Rex Dixon, along with his team of volunteers, offers a fourth layer of protection. Feel free to bring spam to their attention by writing to

If you find that you’ve been incorrectly marked as spam, please send a note to and we’ll investigate. doesn’t currently maintain a whitelist of its own, so if SURBL has marked you as a spammer, note that you will have to go directly to SURBL to get off the block list.