New twist on spam redirection

Rich Boakes writes about spammers creating Yahoo Groups to post their messages in and then using referral spam to entice people to read them, but today I received a spam in email with another new twist on redirection.

It looks like to get around the (highly effective) URL blacklists that contain the URLs of spam sites that the spammers send to you they are now using legitimate sites badly written redirect scripts to bounce you onto their rubbish. They are taking advantage of buggy scripts that allow you to specify the URL to redirect you to, rather than tieing you into a list of allowed sites.

Because tools like SpamAssassin look at the URL rather than the arguments to the script (delineated by the ? in the URL) it is currently not matching those against the black lists.

I guess in a little bit we’ll see an upgrade to SpamAssassin to add checks to the arguments in the URL to make sure they’re not spam sites, and I guess a possible blacklist of broken redirect script URLs!