There's a new campaign that uses Bitly shorteners to some sort of Google forwarder ("appengine").
Here's some sample Locations returned by HEADing the shorteners: appengine.google.com/_ah/logout?continue=https://appengine.google.com/_ah/logout?continue=http://bbbcomplianceglobal.com/report.php?mn=###################### appengine.google.com/_ah/logout?continue=https://appengine.google.com/_ah/logout?continue=http://bbbtax.com/getreport.php?ne=######################## appengine.google.com/_ah/logout?continue=http://bbbwork.com/abuse.php?number=##################### appengine.google.com/_ah/logout?continue=https://appengine.google.com/_ah/logout?continue=http://bbbcompliancenetwork.com/compliance.php?ne=###################### appengine.google.com/_ah/logout?continue=https://appengine.google.com/_ah/logout?continue=http://bbb-compliance.com/abuse.php?rt=################### I've hashed out the parts that look like tracking IDs, all of which have been pure numeric chars. Here's the corresponding Subjects: 752566913589:407 8260420930:36 Incident:062881374904:149 Incident:22677610925:290 Incident:5858851682625:543 The message text is a fake BBB complaint. I'll put a sample online tonight, if practical. The SA scores have ranged from -2.2 to 1.5, with no useful patterns. Does anyone have a contact at BitLy? These would be trivially easy for them to block. - "Chip"