Search Form

Spamming Through Google – Sunday Shoemoney Crazy Talk

A spam email got through to my inbox earlier this morning.

HTML:
  1. Subject: Having trouble gettin to sleep? Get Ambien
  2. Date: Sat, 27 Oct 2007 14:38:59 -0500
  3. MIME-Version: 1.0
  4. Content-Type: text/html;
  5.         format=flowed;
  6.         charset="windows-1250"
  7.         reply-type=original
  8. Content-Transfer-Encoding: 7bit
  9. X-Priority: 3
  10. X-MSMail-Priority: Normal
  11. X-Mailer: Microsoft Outlook Express 6.00.2900.2869
  12. X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
  13.  
  14. Order All of your favorite RxMedz today.<br>
  15. With fast discreet trackable USPS shipping!<br>
  16. No Prescription Needed!<br>
  17. Order Now! - <a href="http://www.google.com/search?q=blarack+tabs+unbelievable&btnI=ec">ClicK Here</a><br>

So who cares right everyone gets spammed? Well I thought this was pretty interesting...

Anytime a real spam email gets through our system I always analyze it looking for a footprint that will not only identify this but all like it to our email system. Dillsmack and I both have a background in building spam prevention systems... although what seems like a lifetime ago.. anyway so we look for stuff like that.

Ok so the meat of this is really that the spammer is using Google urls to spam with... and not like googlepages or something that would get there account banned.

Now if you drop the &btnI=ec you can see that this is the only result

http://www.google.com/search?q=blarack+tabs+unbelievable&btnI=ec

Now if you type that into or click directly you will see it goes directly to the domain.

Here is the headers:

HTML:
  1. GET /search?q=blarack+tabs+unbelievable&btnI=ec HTTP/1.1
  2. Host: www.google.com
  3. User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.8) Gecko/20071008 Firefox/2.0.0.8
  4. Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
  5. Accept-Language: en-us,en;q=0.5
  6. Accept-Encoding: gzip,deflate
  7. Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
  8. Keep-Alive: 300
  9. Connection: keep-alive
  10.  
  11. Cookie: SID=DQAAAHkAAADq0nde5_nP-yi0cdJj39vm2ijF6s6o_6EO5hPWp8jLU-trJc_BeKFCKkMkiKegrQ960dzEUX_xQt5vz-gsDybqClcFwUG2TAtAQzINpm1XniTr1GV32Oeajn2De58rXmuoqsTKwnIGf-04kRj8FBy_EPiTTRM3IfGaCMT6wroYqg; adwords_api_devguide_version=10; adsenseReferralClickId=; adsenseReferralSourceId=aso; WebmastersLocale=en; __utmz=173272373.1179527652.13.9.utmccn=(referral)|utmcsr=video.google.com|utmcct=/|utmcmd=referral; PREF=ID=2f15fb27be015318:TB=2:LD=en:NR=100:TM=1136517732:LM=1181439120:FV=2:DV=AA:GM=1:IG=3:GC=1:S=wo9TxiBNLbJIAQLV; adsenseReferralSubId=us-en-et_homepagevublogannounce; rememberme=true; __utma=173272373.1754075842.1140672607.1179527652.1193525321.14; TZ=300
  12.  
  13. HTTP/1.x 302 Found
  14. Location: http://blarack.org/
  15. Cache-Control: private
  16. Content-Type: text/html; charset=UTF-8
  17. Server: gws
  18. Transfer-Encoding: chunked
  19. Content-Encoding: gzip
  20. Date: Sun, 28 Oct 2007 18:18:40 GMT

So Google is passing a 302 redirect for this link. But its also dropping the full Google Cookie.

As a dirt bag affiliate marketer I gotta ask myself besides fooling search engines what other bonuses could there be for exploiting this flaw in the Google search string. Keep in mind this is my live imagination just running wild and there is absolutely no proof on these:

1) This would spike up there search value on Google Trends?

2) There are numerous bugs with 302 redirects... wonder if this would plague any of them.

3) Social Voting: Google gets a tremendous amount of data from the Google toolbar. Seeing traffic going to this site from the search engine and staying there would indicate its a "good quality experience" for the user? Therefore giving the domain some sort of serps boost (probably unlikely)

Or many its just a cleaver way to exploit the "I am feeling lucky" button and googles trusted links in spam filters and there is no other value ;)



Please read this disclaimer before acting on this post.
  • 56 comments. What say you?
    • RSS

Comments

  1. Max

    Surley Google could simply ban the offending from their search engine databases? am I right or wrong?

  2. Max

    Surely Google could simply remove the offending url from their search engine databases…permanently? Yes or No?

  3. Jason Brailow

    Those spammers are geniuses!

  4. motorsportBABESau

    Ha ha! Thats some pretty cool spam. Apparently they are send there spam in mp3 files now too!

  5. Thor Schrock

    You would have to get a to of clicks on a pharmacy link to make a SERP difference. I think it is more likely the spammer is betting no one will do the work you did to track. Also, people trust Google. If you were going to buy pills online, why not from a Google link…

  6. Thousand Dollar Project

    where theres a will theres a way! spam will haunt us all forever!

  7. Joeychgo

    Yup – I agree

  8. Amit

    Just forward these emails to spam.gov

  9. semmy.name

    Wow. So I wonder what you use to have your email peace. I started to use something new 2 weeks ago that brought my spam intake down to less than 5%. I have been using different solutions now over the last 7 or so years, just to find myself micro-managing and presorting emails despite all marketing claims.

    I blogged about the latest find that gave me email peace here:

    http://www.semmy.name/index.php/88/email-peace/

    I can so far highly recommend it, but if you can reveal what you use personally to deal with spam, let me/us know!

  10. ShoeMoney

    Mike we dont use some pre built software blacklist keyword package

  11. Smart websites make money

    Man, this is one of the meanest ways to spam!! I was not paying attention to what you said in the beginning but after reading carefully I have seen the light! It’s mean!!! :-) )

  12. Seo Next

    google links are always good to spam google.This will help us not to get ban for some time.

  13. John M Weaver

    Way to spam the almighty Google! I love it.

  14. serge

    dang, thats a sneaky way to advertise.

  15. Mike Peters

    How is an email with Ambien in the subject-line getting through your filters?

  16. Neon

    if your blog becomes a popular target to be scraped by other re-blogger, i’m sure you can generate a buzz too :D We cant blame jeremy for being a celebrity.

  17. David Wilkinson

    Yeah – You do. ;)

  18. Neon

    That spammer is smart. not only he is able to get pass the spam filter. Clicking through rate at google results actually is one of the factor of the result position.

  19. CPA Affiliates

    very interestign find man.

  20. ShoeMoney

    matt dont you think just disallowing the “Im feeling lucky” from remote requests would do it?

  21. ShoeMoney

    i need to make some kids shirts ;)

  22. MyGoodFinds

    There were also links for like winning $1000 free stuff and when you enter, you get spammed big time. Anything too good to be true is really not worth clicking, unless it’s endorsed by ShoeMoney ;) .

    May I make a request for ShoeMoney shirts for little ones? I have a 6 year old girl and she likes cool shirts :) . So far her favorite is her little penguin shirt(Tux).

  23. Allyn Paul

    I am not worthy.

  24. ShoeMoney

    hmm i show i am 3rd behind scrapers and spammers

  25. ShoeMoney

    sorry it just means that it drops the same cookie as if you were searching for the phrase itself.

  26. ShoeMoney

    as i said above this blog ranks poorly. almost every time you will get shit blogs that scrape my content before mine in google.

  27. tonyinabox

    wow.. this quite tricky

  28. Nick Ramsay

    Am I missing something? If I type blarack tabs unbelievable into Google, I don’t get Shoemoney at number 1, instead I get a site (readablog.com) that has scraped Shoe’s feed.

  29. Richard

    So Google is passing a 302 redirect for this link. But its also dropping the full Google Cookie.

    Can you clarify this? It looks like the cookie isn’t being touched. What do you mean?

  30. Web Directory

    Pretty clever type of spam mail format. Now the whole world knows.

  31. Matt Cutts

    Justin Cook, if it makes you feel better about it, I was talking with a Gmail person about this before Shoemoney posted about it. :)

  32. dustin

    The blarack link sent the shoemoney email to my spamtrapper. That is at least a little funny, and not particularly for any reason.

  33. Justin Cook

    It’s sad – I blogged about this months ago, and generated no buzz over it. Shoe goes and say the same thing, and I’m sure Google will be all over it!

    Anyhow, it is a smart way for spammers to bypass URLBLs. No anti-spam system will blog google after all!

  34. One Buck Wiki

    Wow, that’s really clever way of using Google to spam.

  35. DA

    Time for a Google human reviewer to sharpen his/her pencils and slap some sort of +30 (or plus anything, really) penalty on blarak.org and the “Feeling Lucky” trick will no longer work because they are not going to be #1 anymore. In fact, after this domain name has been mentioned on shoemoney.com, they might have already lost their #1 simply because Shoe has more weight (as in 800 lbs gorilla)

  36. Jonathan Volk

    Sweet! Just ordered 5 bottles of viagra!!!1oneshiftone. Seriously a very clever way to spam a link. You gotta give the people props, for spammers, they are pretty creative.

    Anywho, great read.

  37. HustleStrategy

    all these peeps that get the spam will now go to this site as it is the “feeling lucky” link. haha

  38. JoeTech.com

    A lot of the spam coming into my blog has links out to archived sites at archive.org, too. Looks like spammers don’t have to worry about losing their hosting account if archive.org maintains a page full of their affiliate links for life. They just keep getting more and more creative.

  39. big money

    wow that’s amazing, you put this post up only about an hour or two ago and you’re ranked for that keyword.

  40. blogstheme.com

    Google is moving fast!

  41. safesurfer

    In this case you are wrong. You are already #1 for this term in the big G.

  42. Eric

    Yep, #1. Nicely done Shoemoney on capitalizing that spam:D

  43. iquitmyjob

    it is most likely to allow the link to pass through spam filters. google urls dont get flagged. there are other ways to do this using amazon etc.

  44. Tim

    Yeah it’s already #1..

  45. Tim

    LOL I get all my blarack tabs unbelievable from ShoeMoney!

  46. Blog Contests

    I gotta be honest, I was a wee bit lost reading that!

  47. ShoeMoney

    this blog never ranks for anything in search engines

  48. safesurfer

    I wonder how long it will take for your blog to rank #1 for that search query and receive the complaints of annoyed users.

Trackbacks url:

By commenting on this post you agree to the comment policy

Leave a Comment...