Your short links are more than just a means to an end — they also represent trust. Trust that your users have in your referrals.

If you’re not careful, they can be abused by malicious actors, using your domain to lead users to websites you don’t intend them to visit.

⚠️
This an issue of public APIs, which allow users to create short links from other people’s domains — this is a widely occurring misuse and, if you’re not careful — a security breach.

Instead, the best way to combat this is to create an allowlist of trusted domains — that's why we created the "Restrict destinations" feature.

You can find "Restrict destinations" in "Domain settings."

Once you've set it up, everything that isn’t allowlisted — gets blocklisted.

Add the domains you trust and want to use for your short links here.

"Restrict destinations" is particularly useful for managers with an Admin role, as they can update these settings without worrying that Members can change allowlisted domains.

☝️
Because it wouldn’t be appropriate for us to decide how your links work, this is something you need to set up manually.

If you’re worried about preventing anyone from abusing your users’ trust, allowlisting the domains only you should have access to is a must in protecting your users and your reputation.