This article originally appeared in TidBITS on 2010-09-24 at 3:25 p.m.
The permanent URL for this article is: http://tidbits.com/article/11628
Include images: Off

Avoid URL Shortening Services for Business-Related Links

by Adam C. Engst

It's so easy to be sucked in by a whizzy interface and a happy shiny feature set. I've known about URL shortening services since their inception, but I've always been troubled by the fact that there is no guarantee that they will continue to redirect URLs forever. The site could go down, the company could go bankrupt, and so on. In fact, this has happened, with the tr.im [1] service (see "Tr.im Trims Its Shortening Service [2]," 11 August 2009).

For those unfamiliar with URL shortening services, the basic idea is that you give them a long, unwieldy URL to be shortened, and they store it in a database along with a unique code of four to seven characters. The service then appends that code to their already short domain - I'll be talking about <http://bit.ly/> [3], for example - and when someone clicks the short link, the service's Web server looks up the associated long link and silently redirects to it. The shortened URLs are popular for space-constrained situations like Twitter, where 140 characters leaves little room for a long URL. (For more details, see "The Incredible Shrinking URL [4]," 6 February 2006.)

In recent years, the URL shortening services have tried to differentiate themselves by adding a variety of features, and this is why I was attracted to bit.ly. Bit.ly has an elegant interface that makes it easy to create short URLs, either from their site or using a bookmarklet. They maintain a list of all the URLs you've shortened, and you can even give them readable names. For each shortened URL, bit.ly tracks how many clicks it has received, and provides a nicely formatted page with graphs that show you how many people have clicked on your link across time, what the top referrers were, and the country locations of the people who clicked. Bit.ly also provides an analysis page that summarizes that data for all your links.

[image link] [5]

[image link] [6]

Sounds great, right? So I thought as well, and I've been using bit.ly in a limited way to track how many people clicked certain links - mainly some truly long ones - in Take Control announcement messages I send out. It has worked fine up to now, and I wasn't terribly worried about bit.ly having a major outage or the company behind bit.ly going bankrupt in the week or so that my message announcing "Take Control of PDFpen 5 [7]" would be live. The risk seemed small.

What I hadn't counted on was the scourge of the Internet, spammers. URL shortening services are apparently being hammered constantly by these scoundrels, who see them as a way of obfuscating URLs that point to phishing sites, malware sites, and so on. I'm sure it's a never-ending battle between the engineers and the spammers, and bit.ly, like other services, also makes it possible for users to report spammy links [8]. When a link is flagged as being spammy, bit.ly displays an interstitial page warning users that the destination might be problematic. It is possible to click through to the destination, but the mere existence of the page is going to scare off nearly everyone.

[image link] [9]

That's what happened to us. Someone on our mailing list reported the link to the "Take Control of PDFpen 5" book page as suspect, and suddenly, everyone who subsequently followed that link saw bit.ly's warning page. Luckily, a kind reader alerted us to the problem, and bit.ly support promptly removed the flag. Nevertheless, the damage was done.

Before I go further, let me be clear. Bit.ly's support representative, Rex, responded quickly, answered my questions, and was unfailingly polite. I can in no way complain about my support experience. Nevertheless, I cannot recommend anyone use bit.ly or a similar service for any link that impacts your business.

The simple fact of the matter is that it's too easy for someone - anyone - to flag any shortened link as spam in order to cause bit.ly to display that warning page. Even if it wasn't done with malice, as I'm sure it wasn't in our case, having a third party warning about the safety of a link to your site will both prevent people from clicking through and hurt your reputation. We send email only to people who have ordered from us in the past and who have agreed to be contacted, and we even delayed this particular mailing by a few hours to finish off a quick-unsubscribe feature for our site. We're trying to be as non-spammy as we can, but all it takes is one person who doesn't remember buying a book from us 7 years ago and doesn't read carefully, and suddenly we're tarred as spammers.

Rex at bit.ly said they had no way of knowing what was and was not legitimate. When I pointed out that they could easily have contacted me first, since I'd created the link from a registered account with my contact information, or that they could at least whitelist my domain or links made from my account in the future, he said that bit.ly has an extremely small team and has been unable to get to such features, but that he'd forward them on up the chain again. I have no reason to disbelieve him, nor do I have any reason to doubt that bit.ly is essentially under constant attack from spammers.

And yet, it comes down to trust. If I can't trust that my bit.ly links will be redirected quickly and silently, there's no way I can even consider using the service for business purposes. Yesterday I was extremely happy with bit.ly, since I felt the clickthrough statistics were providing some useful data. Today I'm left wondering how many sales were lost and how many of my customers think less of me because of bit.ly's flagging. Needless to say, bit.ly says nothing about this possibility in the interface when you're creating links.

A quick glance at other URL shortening services reveals similar policies, so I can't recommend using one at all unless you have some guarantee that your URLs won't be flagged as spam or encumbered in some way.

After I initially wrote this article, I heard from a couple of people for whom the Take Control mailing in which I'd used the bit.ly link had been marked as spam by an automatic spam filter run by their email provider, whereas previous Take Control mailings had not been. Although there's no way of knowing for sure, it seems plausible that the fact that scoundrels are using services like bit.ly to obscure malicious links means that email messages with shortened URLs may be more likely to trigger spam filters.

The URL shortening business is a tough one, since it's not a particularly difficult technical task. We could - and very well may - build our own internal shortening service. It won't be as whizzy as bit.ly, I'm sure, but at least we'll be able to trust it to redirect our URLs silently and without an increased chance of triggering spam filters.

[1]: http://tr.im/
[2]: http://db.tidbits.com/article/10469
[3]: http://bit.ly/
[4]: http://db.tidbits.com/article/8412
[5]: http://db.tidbits.com/resources/2010-09/bit.ly-link-list.png
[6]: http://db.tidbits.com/resources/2010-09/bit.ly-analysis-page.png
[7]: http://www.takecontrolbooks.com/pdfpen-5?pt=TB1047
[8]: http://bit.ly/a/report_spam
[9]: http://db.tidbits.com/resources/2010-09/bit.ly-warning-page.png