Thanks Andreas! :) Wednesday am, after re-checking that the specific spam URL was still forwarding to the spam payload destination, I emailed that role account... and to my (VERY pleasant) shock, received an auto-reply which did NOT direct me to an unuseable web form (i.e. the Google model of preventing reports).
Three hours later, I re-checked the original URL, and it no longer was forwarding. :) I don't know if they did anything to the actual forwarder, but at least I know it's NOT a waste of time to send reports. :) I will definitely submit directly, in future. And now, the bad news: 1. The original destination was just the first hop in a forwarding chain, with a total of six (6) hops. :( That should have been trivially easy to detect, automatically. The first Location feels rather brazen (i.e. an obvious redirect). My gut feeling is that the spammer may have been testing LinkedIn's defenses. 2. The original spam was submitted to SpamCop, which printed (in red): "ISP does not wish to receive reports regarding http://www.linkedin.com/slink - no date available" As a precaution, I'm now outright killing "linkedin.com/slink". I'm particularly annoyed at this forwarder, because LI has a Shortener service. If the spammer had been restricted to using a Shortener, my system would have caught it easily (technically that spam was blocked, but just barely). *** Question: Are there any good public lists of, um, "weakly defended" forwarders/redirectors? One of the reasons I posted that spample, is that it is an excellent example of a terse spam exploiting only well known services. This pattern recurs regularly, though always at low volumes. We educate our users to be cautious with unknown URLs, but I wouldn't blame any non-techie who succumbed to the double-whammy of a URL with a very familiar domain sent from the cracked account of a bona fide friend. :( - "Chip"