Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the TidBITS Content Network for Apple consultants.

Avoid URL Shortening Services for Business-Related Links

It's so easy to be sucked in by a whizzy interface and a happy shiny feature set. I've known about URL shortening services since their inception, but I've always been troubled by the fact that there is no guarantee that they will continue to redirect URLs forever. The site could go down, the company could go bankrupt, and so on. In fact, this has happened, with the service (see " Trims Its Shortening Service," 11 August 2009).

For those unfamiliar with URL shortening services, the basic idea is that you give them a long, unwieldy URL to be shortened, and they store it in a database along with a unique code of four to seven characters. The service then appends that code to their already short domain - I'll be talking about <>, for example - and when someone clicks the short link, the service's Web server looks up the associated long link and silently redirects to it. The shortened URLs are popular for space-constrained situations like Twitter, where 140 characters leaves little room for a long URL. (For more details, see "The Incredible Shrinking URL," 6 February 2006.)

In recent years, the URL shortening services have tried to differentiate themselves by adding a variety of features, and this is why I was attracted to has an elegant interface that makes it easy to create short URLs, either from their site or using a bookmarklet. They maintain a list of all the URLs you've shortened, and you can even give them readable names. For each shortened URL, tracks how many clicks it has received, and provides a nicely formatted page with graphs that show you how many people have clicked on your link across time, what the top referrers were, and the country locations of the people who clicked. also provides an analysis page that summarizes that data for all your links.

Sounds great, right? So I thought as well, and I've been using in a limited way to track how many people clicked certain links - mainly some truly long ones - in Take Control announcement messages I send out. It has worked fine up to now, and I wasn't terribly worried about having a major outage or the company behind going bankrupt in the week or so that my message announcing "Take Control of PDFpen 5" would be live. The risk seemed small.

What I hadn't counted on was the scourge of the Internet, spammers. URL shortening services are apparently being hammered constantly by these scoundrels, who see them as a way of obfuscating URLs that point to phishing sites, malware sites, and so on. I'm sure it's a never-ending battle between the engineers and the spammers, and, like other services, also makes it possible for users to report spammy links. When a link is flagged as being spammy, displays an interstitial page warning users that the destination might be problematic. It is possible to click through to the destination, but the mere existence of the page is going to scare off nearly everyone.

That's what happened to us. Someone on our mailing list reported the link to the "Take Control of PDFpen 5" book page as suspect, and suddenly, everyone who subsequently followed that link saw's warning page. Luckily, a kind reader alerted us to the problem, and support promptly removed the flag. Nevertheless, the damage was done.

Before I go further, let me be clear.'s support representative, Rex, responded quickly, answered my questions, and was unfailingly polite. I can in no way complain about my support experience. Nevertheless, I cannot recommend anyone use or a similar service for any link that impacts your business.

The simple fact of the matter is that it's too easy for someone - anyone - to flag any shortened link as spam in order to cause to display that warning page. Even if it wasn't done with malice, as I'm sure it wasn't in our case, having a third party warning about the safety of a link to your site will both prevent people from clicking through and hurt your reputation. We send email only to people who have ordered from us in the past and who have agreed to be contacted, and we even delayed this particular mailing by a few hours to finish off a quick-unsubscribe feature for our site. We're trying to be as non-spammy as we can, but all it takes is one person who doesn't remember buying a book from us 7 years ago and doesn't read carefully, and suddenly we're tarred as spammers.

Rex at said they had no way of knowing what was and was not legitimate. When I pointed out that they could easily have contacted me first, since I'd created the link from a registered account with my contact information, or that they could at least whitelist my domain or links made from my account in the future, he said that has an extremely small team and has been unable to get to such features, but that he'd forward them on up the chain again. I have no reason to disbelieve him, nor do I have any reason to doubt that is essentially under constant attack from spammers.

And yet, it comes down to trust. If I can't trust that my links will be redirected quickly and silently, there's no way I can even consider using the service for business purposes. Yesterday I was extremely happy with, since I felt the clickthrough statistics were providing some useful data. Today I'm left wondering how many sales were lost and how many of my customers think less of me because of's flagging. Needless to say, says nothing about this possibility in the interface when you're creating links.

A quick glance at other URL shortening services reveals similar policies, so I can't recommend using one at all unless you have some guarantee that your URLs won't be flagged as spam or encumbered in some way.

After I initially wrote this article, I heard from a couple of people for whom the Take Control mailing in which I'd used the link had been marked as spam by an automatic spam filter run by their email provider, whereas previous Take Control mailings had not been. Although there's no way of knowing for sure, it seems plausible that the fact that scoundrels are using services like to obscure malicious links means that email messages with shortened URLs may be more likely to trigger spam filters.

The URL shortening business is a tough one, since it's not a particularly difficult technical task. We could - and very well may - build our own internal shortening service. It won't be as whizzy as, I'm sure, but at least we'll be able to trust it to redirect our URLs silently and without an increased chance of triggering spam filters.


Try productivity tools from Smile that will make your job easier!
PDFpen: PDF toolkit for busy pros on Mac, iPhone, and iPad.
TextExpander: Your shortcut to accurate writing on Mac, Windows,
and iOS. Free trials and friendly support. <>

Comments about Avoid URL Shortening Services for Business-Related Links
(Comments are closed.)

Neil Ticktin  2010-09-24 17:57
One thing that can be considered is using your own shorteners -- that you are in control of. If you have the infrastructure to do this, and you can map it to your brand to get that benefit as well, you may have a better way to do it that addresses Adam's concerns.
Betty Fellows  2010-10-04 17:40
I would like to know what URL shorteners are available for one own's site? I do some affiliate marketing and want to protect my id.
Rob Christie  2010-09-25 11:56
I apologize that this comment is a bit self-serving, but you should take a look at We are a white-labeled short URL service. You provide the domain, and by default we only allow creation of short URLs on your account by authorized users. Since our service is not an open public service, there is less of an issue of spam.
Adam Engst  An apple icon for a TidBITS Staffer 2010-10-05 05:36
Can you guarantee that no shortened URL will ever be flagged as spam, then?
My main email is flagged as spam. Verizon has blocked all mail from Yahoo Spain using the servers in the Netherlands. I have to use a remailer to send messages to my friends.
There are no guarantees on the Internet. We have to be more creative to get around roadblocks--shortened URLs, blocked email servers, browser sniffers [I can't believe they're still around!].
Michael Müller-Hillebrand  2010-09-26 01:32
As a business you need control, so you better run your own URL shortener. I noticed the NY Times was using as a short domain, which looks clever, but now I see that this is a service by, well... It shouldn't be difficult at all to have your own little redirection script running...
Adam Engst  An apple icon for a TidBITS Staffer 2010-10-05 05:40
Yeah, it's easy stuff, and we've even talked about doing it in the past.
Ben Wheeler  2010-09-27 13:22
I never click on short URLs. I want to know exactly where my browser is going and if one clicks on a short URL it could be going anywhere. I always hover over any link and read the address, and if it is suspicious or a short URL I skip it unless it is from a VERY trusted source.
You could miss valuable content that way Ben... you should get one of the add-ons/extensions that resolves out the full address automatically for you when you hover over it. Takes a lot of the paranoia out of it.
Dave Fitch  2010-10-05 02:06
Obvious question: what about using - Google's url shortener?
Adam Engst  An apple icon for a TidBITS Staffer 2010-10-05 05:40
I haven't been able to find any stated policy from Google on this service, but at this point, unless there is an unequivocal statement that no shortened URL will ever be flagged as spam when created by a registered user or in some specific fashion, I can't recommend using the service for business-critical links.
I use for shortening URLs. It gives the option of previewing the long URL first simply by adding a dash "-" after the shortened link. TinyURL has similar by adding the word 'preview' as in preview.tinyURL. These services are helpful for those who hesitate to click on other shortened links of much longer URLs.

Better idea is for the services to default to preview while still offering short URLs that don't wrap across lines in email or social network posts and will give users more perceived safety.
StephenB  2010-10-20 12:09
An excellent example of the danger of using shortened URLs arose just recently with the Whitman governor campaign in CA. An URL link was sent out to thousands of recipients with some news about the campaign - but was incorrect by one letter - and ended up linking to a rather unusual Youtube video.


Adam Engst  An apple icon for a TidBITS Staffer 2010-10-20 18:17
Oh, that's hilarious.