Spammers using Google links

In my "Spam Suspects" email folder today, I noticed some spam which used Google as a redirection service, by linking to http://www.google.com/url?q=http://www.somespamsite.com. When trying this technique with some other site, I found that google responds to this query with a 302 redirect to the site in question. Clearly, the spammer was using this system to lure people who trust Google into visiting their site.

What I don't understand is why Google needs a public redirect system like this that is so obviously open to abuse. The google.com/url?q=... page doesn't seem to accept anything but already fully specified urls, so the sole purpose of this page is to do redirects.

The only reason I can think of for them needing a service like this is if they serve up one in a thousand search-results pages with redirect links, in order to log what people actually click on. If this were the case though, why not at least check the referrer to see if the user actually came from a google.com page? Am I missing something here?

TrackBack URL for this entry: http://www.hutteman.com/scgi-bin/mt/mt-tb.cgi/212
Comments

One reason that blocking requests that don't have a valid referrer header is that some proxy/privacy software strips this information out of HTTP requests, making the request indistinguishable from spam requests. One alternate approach would be to encrypt the URL (so that you end up with a URL like http://www.google.com/url?e=29384710923487).

Posted by Brett Dickson at May 6, 2006 1:43 AM

"... why not at least check the referrer...", because the referrer can be spoofed, so relying on it for any security strategy is risky.

Posted by Andrew Houghton at May 6, 2006 8:55 PM

Actually, it is something Google uses so that sites they link to don't get PageRank. Some blogs, including my own, have taken to use the redirect in comments to thwart spammers.

While it can be used to fool readers, the redirect URL is short enough to look suspicious, and it still does more good than harm, most of the time.

Posted by Nathan Weinberg at May 7, 2006 2:29 AM

If you have a Google / Gmail account and are logged in while doing searches on Google with personalized search or search history, I and many others have noted that Google is actually redirecting to all results they list on the first page instead of directly linking. They do attempt to mask this with some JS code so it is not evident in the status bar of your browser, but it didn't take long for most folks to notice something was different.

<a href="http://www.google.com/url?sa=t&ct=res&cd=2&url=http%3A%2F%2Farconati.us%2F&ei=mpJdRP_ULpH2owKyrdzBBg&sig2=QMihpk2brwMdzQp0lSZPPw" onmousedown="return rwt(this,'','','res','2','&sig2=QMihpk2brwMdzQp0lSZPPw')">Arconati Family Web Portal - Arconati.us</a>

Maybe that's related... But I agree, they need a way to filter the user if the link is not coming from a search result page. Perhaps using the redirect link (or one like the above) is a way of 'voting' for that page, since Google is tracking the redirects.

Posted by James A. Arconati at May 7, 2006 2:30 AM

Referrer isn't mandatory in http get, so making any piece of software rely on that is bad. There are people who likes to surf with referrer turned off (both Opera and Mozilla allows this and I'm sure there are other possibilities aswell).

Posted by Håvard Pedersen at May 7, 2006 8:15 AM

hi there,

I asked about this of a Google Engineer (http://www.beust.com/weblog/) in a different
scenario. He did NOT say much about it at that time.

Maybe there's NOT seeing too much traffic on that one. Once they
see enough traffic, they will take necessary action.

BR,
~A

Posted by anjan bacchu at May 7, 2006 3:06 PM

Nathan: to prevent linked sites from getting pagerank, rel=nofollow would be a much easier approach.

regarding Referrer being non-mandatory: since Google would generate these links themselves, they can easily see if your browser is blocking the referrer header, and only serve you the redirect if it's not.

and while the referrer header may be spoofable, I don't see how a spam-email would be able to achieve this.

Posted by Luke Hutteman at May 7, 2006 8:21 PM

Luke:
Sorry this has nothing to do with your topic.
I use sharp reader all the time. I also recommend it in my speeches and in my book. The book is TRUTH: The No BS Guide to Navigate Media Bias. I would like to use photos of sharpreader to demonstrate how to use an RSS Feed. I need your permission. Can you contact my publisher for me details. Or give me the number or address to have him contact you. My guy at Roof Top Publishing is nick Obradovich (nobradovich@rooftoppublishing.com)
Thanks.
John Daly
www.johndaly.tv

Posted by John Daly at May 8, 2006 10:18 AM

Erm, hope you didn't open pandora's box :(

Posted by ZLoserKing at May 12, 2006 8:38 PM

Not sure the referer would work for Google's AdSense Network since all of the clicks are coming from other sites.

-Marc

Posted by Marc Calello at May 31, 2006 9:27 PM

SharpReader on Vista Beta 2: (It was the only managed app I had open that I know of)

Error reading URL: There were not enough free threads in the ThreadPool to complete the operation.
Error reading URL: There were not enough free threads in the ThreadPool to complete the operation.
Error reading URL: There were not enough free threads in the ThreadPool to complete the operation.
etc...

Never seen this on 2003... Vista is teh suck or SharpReader is teh suck (on Vista)?

Posted by zzz at June 14, 2006 2:58 PM

btw

Threadpool threads are NOT to be used for POSSIBLY long running operations (such as network access).

Just guessing but that is the only explanation for the error I came up with.

Posted by zzz at June 14, 2006 3:01 PM

Maybe the spammers doing this for getting Google PR?

Posted by Kim Forota at August 2, 2006 2:57 AM

Yes we do this fot that reason.
This has notning to deal with adsene.
We're doing that for grabbing traffic to PPC affiliate programs, such as well known UmaxLogin.
We use spamming software to insert these urls like <a href="http://www.google.com/url?q=http://xenical.zikforum.com">Xenical</a>
in many thousands of guestbooks. Notice redirect to Zikforum.com
This is considered to be bonus domain. Google likes them , as long as they are not filtered. You just may registrate a mailbox and create a free forum. Later put in it some SE oriented content on keyword, disable HTML in editing and insert a JavaScript redirect function. And Spam IT

Posted by Jack at August 9, 2006 7:01 AM

I agree with Luke..the rel=nofollow takes away the incentive to spam..no page rank gain = no spam. Btw from what i hear it doesn't work with adsense.


J.A. Los Angeles Acting School EMAS

Posted by Meisner Technique Los Angeles Acting Classes at August 31, 2006 5:27 PM

Hi there!
You wrote about spammers - i read your article and i also read your users comments - and i have to say two words - first of all atribute rel=nofollow doesn't solve the problem - coz many spammers are using scirpts to spam blogs so they're spaming everything with relnofolow or without it - PR and high position is one thing - and traffic is second thing - so rel=noffolow solve the first problem but there's also second unsolved problem - so i think the best protection is antyspam plugin - there;s many of them. And i see you have here right now a spamm problem above - so i strongly recommend installing one of those plugins

Posted by Praca at October 18, 2006 5:26 AM
This discussion has been closed. If you wish to contact me about this post, you can do so by email.