Comments on: Spam Links Sent Through Google Maps http://www.aaronwpearson.com/spam-links-sent-through-google-maps/ Making Technology Work for You Wed, 10 Mar 2010 23:01:41 -0600 http://wordpress.org/?v=2.8.4 hourly 1 By: Ken http://www.aaronwpearson.com/spam-links-sent-through-google-maps/comment-page-1/#comment-653 Ken Mon, 01 Feb 2010 17:40:59 +0000 http://www.aaronwpearson.com/?p=348#comment-653 I'm an network admin/email server admin by day and have been noticing these starting about a week or two ago. I've been getting them both at home on several email accounts as well as here at work. How it is being accomplished... go to google maps, click on the send link above the map. Edit the To:, From:, and message body and send it. You do have to fill out a capcha but there are several automated capcha solvers out there that can do it completely automated. In other words, this can all be done programatically without having to even visit the site. I'm sure Google will catch this and put an end to it very soon. As far as reporting it goes, don't bother. I am certain they already know about it and are working on a fix that will stop the practice without hurting the honest users experience. It does seem strange that they removed the post that you mentioned... I wonder why? Thanks for posting this.... at least people will get some information on it. Oh, if you want to stop it yourself using an email rule in your email client, create an email rule that contains "sent this to you using Google Maps" in the subject and move any that hit this rule to your spam/junk or trash folder. Just remember that this rule will also catch any legitimate emails sent from google maps, so you may want to remove it after google fixes the problem if these are important to you. The spammers are using this method because it allows them to piggyback on to Google's reputation (Domain Key and DKIM) and this gets past most email spam filters. Hope this helps. Kind regards, Ken I’m an network admin/email server admin by day and have been noticing these starting about a week or two ago. I’ve been getting them both at home on several email accounts as well as here at work.

How it is being accomplished… go to google maps, click on the send link above the map. Edit the To:, From:, and message body and send it. You do have to fill out a capcha but there are several automated capcha solvers out there that can do it completely automated. In other words, this can all be done programatically without having to even visit the site.

I’m sure Google will catch this and put an end to it very soon. As far as reporting it goes, don’t bother. I am certain they already know about it and are working on a fix that will stop the practice without hurting the honest users experience.

It does seem strange that they removed the post that you mentioned… I wonder why?

Thanks for posting this…. at least people will get some information on it.

Oh, if you want to stop it yourself using an email rule in your email client, create an email rule that contains “sent this to you using Google Maps” in the subject and move any that hit this rule to your spam/junk or trash folder. Just remember that this rule will also catch any legitimate emails sent from google maps, so you may want to remove it after google fixes the problem if these are important to you.

The spammers are using this method because it allows them to piggyback on to Google’s reputation (Domain Key and DKIM) and this gets past most email spam filters.

Hope this helps.
Kind regards,
Ken

]]> By: admin http://www.aaronwpearson.com/spam-links-sent-through-google-maps/comment-page-1/#comment-652 admin Mon, 01 Feb 2010 00:24:32 +0000 http://www.aaronwpearson.com/?p=348#comment-652 I think they are using Blogger.com to facilitate this spam. Here is an example: http://worldcup-fifa.blogspot.com/2010/01/malloneenextourcokr-sent-this-to-you.html The content of this blog is exactly what is in the email/spam message that I received. If you click on the "share" link I believe they are taking advantage of a flaw in the POST variable submission when using the "share form". I think they are using Blogger.com to facilitate this spam. Here is an example:

http://worldcup-fifa.blogspot.com/2010/01/malloneenextourcokr-sent-this-to-you.html

The content of this blog is exactly what is in the email/spam message that I received. If you click on the “share” link I believe they are taking advantage of a flaw in the POST variable submission when using the “share form”.

]]> By: admin http://www.aaronwpearson.com/spam-links-sent-through-google-maps/comment-page-1/#comment-651 admin Sun, 31 Jan 2010 21:00:56 +0000 http://www.aaronwpearson.com/?p=348#comment-651 @John, I just noticed that the email refer link button is like you say - a "mailto:" link which opens up the default mail client. It didn't always used to work that way..... I'm trying to figure out right now how they are managing to do this. My use of the description "script kiddies" has more to do with my annoyance, rather than with their actual skill level. I just posted a question to the Google Maps Support Forum here: <a href="http://www.google.com/support/forum/p/maps/thread?tid=2ba1f5e2c8a69dc3&hl=en" rel="nofollow">http://www.google.com/support/forum/p/maps/thread?tid=2ba1f5e2c8a69dc3&hl=en</a>. We'll see if anyone answers it @John, I just noticed that the email refer link button is like you say – a “mailto:” link which opens up the default mail client. It didn’t always used to work that way….. I’m trying to figure out right now how they are managing to do this. My use of the description “script kiddies” has more to do with my annoyance, rather than with their actual skill level. I just posted a question to the Google Maps Support Forum here: http://www.google.com/support/forum/p/maps/thread?tid=2ba1f5e2c8a69dc3&hl=en. We’ll see if anyone answers it

]]> By: John sanford http://www.aaronwpearson.com/spam-links-sent-through-google-maps/comment-page-1/#comment-650 John sanford Sun, 31 Jan 2010 20:57:06 +0000 http://www.aaronwpearson.com/?p=348#comment-650 I just got this, does anybody know how they did it? the Refer link button on the google maps page is just a mailto: link. Im guessing they found another place on the site where google email out and they managed to edit the data before it sends. It's quite clever either way and they are the only ones that have done it so I wouldn't be so quick to brand them as "script kiddies" I just got this, does anybody know how they did it? the Refer link button on the google maps page is just a mailto: link. Im guessing they found another place on the site where google email out and they managed to edit the data before it sends. It’s quite clever either way and they are the only ones that have done it so I wouldn’t be so quick to brand them as “script kiddies”

]]> By: Pam http://www.aaronwpearson.com/spam-links-sent-through-google-maps/comment-page-1/#comment-649 Pam Sun, 31 Jan 2010 20:31:29 +0000 http://www.aaronwpearson.com/?p=348#comment-649 I and others who are subscribers of intenders mailings are receiving offensive material from noreply@googlemaps. They come with various subject lines, the email addresses listed are generally about 5 to 10 different. I received the first one send to my personal email and then received a messaged from one of the intender members who subscribes to our email subscription saying it came to her address that she uses only for intender mail...so we are very concerned about how and where the spammers are getting the addresses. I have saved three of the messages I and others who are subscribers of intenders mailings are receiving offensive material from noreply@googlemaps.
They come with various subject lines, the email addresses listed are generally about 5 to 10 different. I received the first one send to my personal email and then received a messaged from one of the intender members who subscribes to our email subscription saying it came to her address that she uses only for intender mail…so we are very concerned about how and where the spammers are getting the addresses. I have saved three of the messages

]]>