Optus email rejects shortened URLs
Optus has adjusted its email security regime to repel incoming emails that use URLs shortened by services like bit.ly or TinyURL.
Individuals who have sent emails to Optus addresses have forwarded the following error message to SearchSecurity ANZ:
“[server name] tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 550 550 5.7.1 "shortened URL rejected, please use expanded or resolved link" (state 18).”
Optus’ PR department was not able to meet SearchStorage ANZ’s request for an interview with an in-house security professional to discuss the reason for the change, but did eventually issue a statement through a spokesperson, who said:
“Optus recently implemented new security measures on our email servers to protect our customers from spam and phishing.”
Optus’ decision seems sound from a security point of view: security experts have warned since at least 2009 that URL shorteners such as bit.ly and TinyURL represent a threat, because disguising the real destination of a hyperlink makes it hard for users and content scanners to determine whether it leads to a safe site.
Criminals have therefore used shortened URLs in attempts to induce internet users to download fake antivirus software, with a recent attack of this sort taking place in January, according to Kaspersky Labs and Sophos. Security vendor M86 has also highlighted the problem, taking issue with the quality of rival McAfee’s mcaf.ee service.
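A content check of the kind the bounce message implies can be sketched as follows. This is an added example, not Optus' filter: the function names, the three-host list (taken from the services named in this article) and the `250` reply text are assumptions, and a static list only catches shorteners it already knows about.

```python
import re
from email import message_from_string
from email.message import Message
from urllib.parse import urlsplit

# Shortener hosts named in the article; a production list would be far longer.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "mcaf.ee"}
# Reply text as quoted in the bounce above; the 250 text below is an assumption.
REJECT = '550 5.7.1 "shortened URL rejected, please use expanded or resolved link"'
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample messages (not real mail).
SHORT = "From: a@example.org\nSubject: hi\n\nPhotos: http://www.Bit.ly/abc123\n"
PLAIN = "From: a@example.org\nSubject: hi\n\nPhotos: https://example.org/album/7\n"


def body_text(msg: Message) -> str:
    """Decode every text/* part (base64 and quoted-printable included)."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode("utf-8", errors="replace"))
    return "\n".join(chunks)


def shortened_urls(msg: Message) -> list:
    """Return URLs in the body whose host is a listed shortener."""
    hits = []
    for url in URL_RE.findall(body_text(msg)):
        try:
            host = (urlsplit(url).hostname or "").lower().rstrip(".")
        except ValueError:  # malformed authority, e.g. a broken IPv6 literal
            continue
        host = host[4:] if host.startswith("www.") else host
        if host in SHORTENER_HOSTS:
            hits.append(url)
    return hits


def smtp_verdict(raw_message: str) -> str:
    """Reply a filter of this kind would return at end of DATA."""
    msg = message_from_string(raw_message)
    return REJECT if shortened_urls(msg) else "250 2.0.0 OK"


if __name__ == "__main__":
    print(smtp_verdict(SHORT))
    print(smtp_verdict(PLAIN))
```

Matching is on the exact host after decoding the transfer encoding, so a base64-encoded HTML part is still inspected and a lookalike such as `bit.ly.example.org` is not flagged.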