Spamming Through Google - Sunday Shoemoney Crazy Talk
A spam email got through to my inbox earlier this morning.
-
Subject: Having trouble gettin to sleep? Get Ambien
-
Date: Sat, 27 Oct 2007 14:38:59 -0500
-
MIME-Version: 1.0
-
Content-Type: text/html;
-
format=flowed;
-
charset="windows-1250"
-
reply-type=original
-
Content-Transfer-Encoding: 7bit
-
X-Priority: 3
-
X-MSMail-Priority: Normal
-
X-Mailer: Microsoft Outlook Express 6.00.2900.2869
-
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
-
-
Order All of your favorite RxMedz today.<br>
-
With fast discreet trackable USPS shipping!<br>
-
No Prescription Needed!<br>
So who cares right everyone gets spammed? Well I thought this was pretty interesting...
Anytime a real spam email gets through our system I always analyze it looking for a footprint that will not only identify this but all like it to our email system. Dillsmack and I both have a background in building spam prevention systems... although what seems like a lifetime ago.. anyway so we look for stuff like that.
Ok so the meat of this is really that the spammer is using Google urls to spam with... and not like googlepages or something that would get there account banned.
Now if you drop the &btnI=ec you can see that this is the only result
http://www.google.com/search?q=blarack+tabs+unbelievable&btnI=ec
Now if you type that into or click directly you will see it goes directly to the domain.
Here is the headers:
-
GET /search?q=blarack+tabs+unbelievable&btnI=ec HTTP/1.1
-
Host: www.google.com
-
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.8) Gecko/20071008 Firefox/2.0.0.8
-
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
-
Accept-Language: en-us,en;q=0.5
-
Accept-Encoding: gzip,deflate
-
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
-
Keep-Alive: 300
-
Connection: keep-alive
-
-
Cookie: SID=DQAAAHkAAADq0nde5_nP-yi0cdJj39vm2ijF6s6o_6EO5hPWp8jLU-trJc_BeKFCKkMkiKegrQ960dzEUX_xQt5vz-gsDybqClcFwUG2TAtAQzINpm1XniTr1GV32Oeajn2De58rXmuoqsTKwnIGf-04kRj8FBy_EPiTTRM3IfGaCMT6wroYqg; adwords_api_devguide_version=10; adsenseReferralClickId=; adsenseReferralSourceId=aso; WebmastersLocale=en; __utmz=173272373.1179527652.13.9.utmccn=(referral)|utmcsr=video.google.com|utmcct=/|utmcmd=referral; PREF=ID=2f15fb27be015318:TB=2:LD=en:NR=100:TM=1136517732:LM=1181439120:FV=2:DV=AA:GM=1:IG=3:GC=1:S=wo9TxiBNLbJIAQLV; adsenseReferralSubId=us-en-et_homepagevublogannounce; rememberme=true; __utma=173272373.1754075842.1140672607.1179527652.1193525321.14; TZ=300
-
-
HTTP/1.x 302 Found
-
Location: http://blarack.org/
-
Cache-Control: private
-
Content-Type: text/html; charset=UTF-8
-
Server: gws
-
Transfer-Encoding: chunked
-
Content-Encoding: gzip
-
Date: Sun, 28 Oct 2007 18:18:40 GMT
So Google is passing a 302 redirect for this link. But its also dropping the full Google Cookie.
As a dirt bag affiliate marketer I gotta ask myself besides fooling search engines what other bonuses could there be for exploiting this flaw in the Google search string. Keep in mind this is my live imagination just running wild and there is absolutely no proof on these:
1) This would spike up there search value on Google Trends?
2) There are numerous bugs with 302 redirects... wonder if this would plague any of them.
3) Social Voting: Google gets a tremendous amount of data from the Google toolbar. Seeing traffic going to this site from the search engine and staying there would indicate its a "good quality experience" for the user? Therefore giving the domain some sort of serps boost (probably unlikely)
Or many its just a cleaver way to exploit the "I am feeling lucky" button and googles trusted links in spam filters and there is no other value 
- 56 Comments. What say you?
- RSS
- Delicious
- StumbleUpon
- Furl
- Digg
I wonder how long it will take for your blog to rank #1 for that search query and receive the complaints of annoyed users.
this blog never ranks for anything in search engines
I gotta be honest, I was a wee bit lost reading that!
LOL I get all my blarack tabs unbelievable from ShoeMoney!
Yeah it’s already #1..
it is most likely to allow the link to pass through spam filters. google urls dont get flagged. there are other ways to do this using amazon etc.
Yep, #1. Nicely done Shoemoney on capitalizing that spam:D
In this case you are wrong. You are already #1 for this term in the big G.
Google is moving fast!
wow that’s amazing, you put this post up only about an hour or two ago and you’re ranked for that keyword.
A lot of the spam coming into my blog has links out to archived sites at archive.org, too. Looks like spammers don’t have to worry about losing their hosting account if archive.org maintains a page full of their affiliate links for life. They just keep getting more and more creative.
all these peeps that get the spam will now go to this site as it is the “feeling lucky” link. haha
Sweet! Just ordered 5 bottles of viagra!!!1oneshiftone. Seriously a very clever way to spam a link. You gotta give the people props, for spammers, they are pretty creative.
Anywho, great read.
Time for a Google human reviewer to sharpen his/her pencils and slap some sort of +30 (or plus anything, really) penalty on blarak.org and the “Feeling Lucky” trick will no longer work because they are not going to be #1 anymore. In fact, after this domain name has been mentioned on shoemoney.com, they might have already lost their #1 simply because Shoe has more weight (as in 800 lbs gorilla)
Wow, that’s really clever way of using Google to spam.
It’s sad - I blogged about this months ago, and generated no buzz over it. Shoe goes and say the same thing, and I’m sure Google will be all over it!
Anyhow, it is a smart way for spammers to bypass URLBLs. No anti-spam system will blog google after all!
The blarack link sent the shoemoney email to my spamtrapper. That is at least a little funny, and not particularly for any reason.
Justin Cook, if it makes you feel better about it, I was talking with a Gmail person about this before Shoemoney posted about it.
Pretty clever type of spam mail format. Now the whole world knows.
Can you clarify this? It looks like the cookie isn’t being touched. What do you mean?
Am I missing something? If I type blarack tabs unbelievable into Google, I don’t get Shoemoney at number 1, instead I get a site (readablog.com) that has scraped Shoe’s feed.
wow.. this quite tricky
as i said above this blog ranks poorly. almost every time you will get shit blogs that scrape my content before mine in google.
sorry it just means that it drops the same cookie as if you were searching for the phrase itself.
hmm i show i am 3rd behind scrapers and spammers
I am not worthy.
There were also links for like winning $1000 free stuff and when you enter, you get spammed big time. Anything too good to be true is really not worth clicking, unless it’s endorsed by ShoeMoney
.
May I make a request for ShoeMoney shirts for little ones? I have a 6 year old girl and she likes cool shirts
. So far her favorite is her little penguin shirt(Tux).
i need to make some kids shirts
matt dont you think just disallowing the “Im feeling lucky” from remote requests would do it?
very interestign find man.
That spammer is smart. not only he is able to get pass the spam filter. Clicking through rate at google results actually is one of the factor of the result position.
Yeah - You do.
if your blog becomes a popular target to be scraped by other re-blogger, i’m sure you can generate a buzz too
We cant blame jeremy for being a celebrity.
How is an email with Ambien in the subject-line getting through your filters?
dang, thats a sneaky way to advertise.
Way to spam the almighty Google! I love it.
google links are always good to spam google.This will help us not to get ban for some time.
Man, this is one of the meanest ways to spam!! I was not paying attention to what you said in the beginning but after reading carefully I have seen the light! It’s mean!!! :-))
Mike we dont use some pre built software blacklist keyword package
Wow. So I wonder what you use to have your email peace. I started to use something new 2 weeks ago that brought my spam intake down to less than 5%. I have been using different solutions now over the last 7 or so years, just to find myself micro-managing and presorting emails despite all marketing claims.
I blogged about the latest find that gave me email peace here:
http://www.semmy.name/index.php/88/email-peace/
I can so far highly recommend it, but if you can reveal what you use personally to deal with spam, let me/us know!
Just forward these emails to spam.gov
Yup - I agree
where theres a will theres a way! spam will haunt us all forever!
You would have to get a to of clicks on a pharmacy link to make a SERP difference. I think it is more likely the spammer is betting no one will do the work you did to track. Also, people trust Google. If you were going to buy pills online, why not from a Google link…
Ha ha! Thats some pretty cool spam. Apparently they are send there spam in mp3 files now too!
Those spammers are geniuses!
Surely Google could simply remove the offending url from their search engine databases…permanently? Yes or No?
Surley Google could simply ban the offending from their search engine databases? am I right or wrong?
[...] Shoemoney writes about a spammail he got, that makes clever use of the “I’m feeling lucky” button of google. [...]
[...] By adminAdd commentsGeneral Shoemoney has a great post about a new (well, kinda new) way to spam your links and not get caught. Basically, you get your site ranking first for any random keyword, then pass your link as the [...]
[...] have seen this on ShoeMoney’s website this morning. It is absolutely mean, the guy who thought about it is a genius, really. [...]
[...] Spamming Through Google - Sunday Shoemoney Crazy Talk [...]
[...] Read the rest of this great post here [...]
[...] the indirect link through Google it makes it very hard to find and persecute the guilty party. Using Google to cover your tracks is getting increasingly [...]
[...] post on ‘Spamming Through Google‘ a few months ago got me thinking about how this flaw function of Google could be exploited [...]
[...] as an avid Shoemoney reader, this article seems awfully familiar… as in, Jeremy posted this story 4 months ago! So, is MSNBC late to the party on this, or [...]