Spam Links Sent Through Google Maps

Not sure what Google is doing about this, but it appears that some clever script-kiddies have figured out that they can embed their BS spam messages into the “refer this map” link on Google Maps. Here is an example of what was sent to me this morning.

[Image: google-map-spam]

Since the email is coming from “noreply@google.com” it is not getting caught by the various spam filters that exist in each part of the email distribution chain. I found that someone had posted this same problem on the GMaps support forum, but the page was only up for about 11 minutes before it was “removed”??? If I click on the link now it says “Part of this page has been removed”. After more time passes the link will be completely removed from search results for sure.

Here is a screenshot of the search phrase I typed into Google.

[Image: google-map-spam2]

I have been trying to find the right place to alert Google that they have this problem out in the wild, but the only “spam reporting” you can do is related to someone spamming your business name in local-search results on Google Maps. If you have had this same issue it would be interesting to see how prevalent the problem is and what people are trying to do about it.



5 Thoughts

  1. Pam says:

    I and others who are subscribers of intenders mailings are receiving offensive material from noreply@googlemaps.
    They come with various subject lines, the email addresses listed are generally about 5 to 10 different. I received the first one sent to my personal email and then received a message from one of the intender members who subscribes to our email subscription saying it came to her address that she uses only for intender mail…so we are very concerned about how and where the spammers are getting the addresses. I have saved three of the messages.

  2. John sanford says:

    I just got this, does anybody know how they did it? The Refer link button on the Google Maps page is just a mailto: link. I’m guessing they found another place on the site where Google emails out and they managed to edit the data before it sends. It’s quite clever either way and they are the only ones that have done it so I wouldn’t be so quick to brand them as “script kiddies”.

  3. admin says:

    @John, I just noticed that the email refer link button is like you say – a “mailto:” link which opens up the default mail client. It didn’t always use to work that way… I’m trying to figure out right now how they are managing to do this. My use of the description “script kiddies” has more to do with my annoyance, rather than with their actual skill level. I just posted a question to the Google Maps Support Forum here: http://www.google.com/support/forum/p/maps/thread?tid=2ba1f5e2c8a69dc3&hl=en. We’ll see if anyone answers it.

  4. admin says:

    I think they are using Blogger.com to facilitate this spam. Here is an example:

    http://worldcup-fifa.blogspot.com/2010/01/malloneenextourcokr-sent-this-to-you.html

    The content of this blog is exactly what is in the email/spam message that I received. If you click on the “share” link I believe they are taking advantage of a flaw in the POST variable submission when using the “share form”.

  5. Ken says:

    I’m a network admin/email server admin by day and have been noticing these starting about a week or two ago. I’ve been getting them both at home on several email accounts as well as here at work.

    How it is being accomplished… go to Google Maps, click on the send link above the map. Edit the To:, From:, and message body and send it. You do have to fill out a captcha but there are several automated captcha solvers out there that can do it completely automated. In other words, this can all be done programmatically without having to even visit the site.

    I’m sure Google will catch this and put an end to it very soon. As far as reporting it goes, don’t bother. I am certain they already know about it and are working on a fix that will stop the practice without hurting the honest users’ experience.

    It does seem strange that they removed the post that you mentioned… I wonder why?

    Thanks for posting this…. at least people will get some information on it.

    Oh, if you want to stop it yourself using an email rule in your email client, create an email rule that contains “sent this to you using Google Maps” in the subject and move any that hit this rule to your spam/junk or trash folder. Just remember that this rule will also catch any legitimate emails sent from Google Maps, so you may want to remove it after Google fixes the problem if these are important to you.

    The spammers are using this method because it allows them to piggyback on to Google’s reputation (Domain Key and DKIM) and this gets past most email spam filters.

    Hope this helps.
    Kind regards,
    Ken
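
The mail rule from comment 5, written as a small Python filter (an added example, not part of the original post or its comments). The sample messages, the `Authentication-Results` values and the function names are constructed for illustration.

```python
import email
import re
from email import policy

# Phrase from the rule in the comment above (compared case-insensitively).
SUBJECT_PHRASE = "sent this to you using google maps"

def dkim_passed(msg) -> bool:
    """True if any Authentication-Results header records dkim=pass."""
    headers = msg.get_all("Authentication-Results", [])
    return any(re.search(r"\bdkim=pass\b", str(h), re.I) for h in headers)

def classify(raw: bytes):
    """Return (folder, dkim_ok) for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    # policy.default unfolds the header and decodes RFC 2047 encoded-words,
    # so an encoded subject cannot slip past a plain substring match.
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    folder = "junk" if SUBJECT_PHRASE in subject else "inbox"
    return folder, dkim_passed(msg)

def _sample(subject: str) -> bytes:
    """Build a constructed test message; every value here is made up."""
    return (
        "From: noreply@google.com\r\n"
        "To: recipient@example.org\r\n"
        "Authentication-Results: mx.example.org; dkim=pass header.d=google.com\r\n"
        f"Subject: {subject}\r\n"
        "\r\n"
        "constructed body\r\n"
    ).encode("ascii")

SPAM_PLAIN = _sample("user@example.com sent this to you using Google Maps")
SPAM_ENCODED = _sample(
    "=?UTF-8?Q?user=40example.com_sent_this_to_you_using_Google_Maps?="
)
OTHER_GOOGLE = _sample("Your account security checkup")

if __name__ == "__main__":
    for name, raw in [("plain", SPAM_PLAIN), ("encoded", SPAM_ENCODED),
                      ("other", OTHER_GOOGLE)]:
        # DKIM passes for all three; only the subject rule separates them.
        print(name, classify(raw))
```

All three samples carry `dkim=pass`, so the authentication result alone cannot separate them; as the comment says, the subject rule will also move legitimate Google Maps shares to junk.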



All content © Copyright 2010 by Aaron Pearson.