You can tell that an anti-spam tool is becoming too effective when spammers start trying to work around it.
Such is the case with Spam URL Blacklists (SURBLs), which list domains advertised via spam. Spamfilters will intercept emails that mention blacklisted domains used in clickable links. The spammers can use fake sender addresses and send email from cracked hosts and cracked third party mail accounts, but they still get caught as soon as they mention their websites. This hurts spammers because they only make money when people go to their websites and hand over their credit card details to order fake Rolexes, pills, porn, etc.
To get around this, spammers have been using pages created at free webhosting services and other third party sites where content can be uploaded. The links only mention the free hosting site, which then redirects to the final spam site.
One service abused for this is Google Groups. Other services recently seen used are Google Docs, Microsoft Spaces Live and Geocities. In the case of Google Groups the spammers create mailing lists and upload a spam link to the home page of the new group. They never use the groups for their intended purpose, i.e. mailing lists. This effectively makes it impossible to report the abuse via Google’s abuse handling procedures: Any archived posting or uploaded document on the Google Groups service has an abuse reporting link, but the home page of the group itself does not! Obviously, Google never envisaged that spammers would create groups only to have one page of web content that can be advertised via spam.
Here is an example of a spam:
Received: from host34.net215.omkc.ru (HELO host34.net215.omkc.ru) [18.104.22.168]
by mymailhost (mx077) with SMTP; 21 Jan 2009 04:21:47 +0100
Date: Mon, 21 Jan 2008 03:21:45 GMT
From: arturo <firstname.lastname@example.org>
User-Agent: Thunderbird 22.214.171.124 (Windows/20081209)
Subject: Brighten Your Day
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
After trying out tooth whitening system AT NO COST TO YOU you’ll realize that your smile is irresistably contagious! 😉
The page advertises “Click Here – Free Credit Score & Debt Help” which is a spam link using the domain white-teeth2009.com hosted on IP address 126.96.36.199 in China. It is listed on four sub-lists of SURBL (WS, OB, AB and JP). Its name servers are ns1.dckfdc.com and ns2.dckfdc.com. Other domains by the same spammers are whiten-your-smile2009.com and smile-really-great.com.
At the very least Google should add an abuse reporting link to its Google Group pages. It would be even better if they were to check uploaded Google Group content and checked any URLs in it against spam blacklists such as SURBL. This would stop the spammers in their tracks.