John,
thanks a TON for your efforts! I was afraid this would be hard
to catch. :(
On the bright side, the campaign has been morphing, and they are
now (IMO) much less enticing, which is a partial victory. :)
** Update:
The emails have gone thru two more significant morphs, first with
To.Realname in the URL, then with neither Realname in the URL.
The cracked sites are now sometimes using meta-refresh instead of
or in addition to a server redirect. The scripting at the
destinations has changed. All remain eminently straight forward
to test.
They continue to use cracked GoDaddy domains, and it's taking
over a week to catch/"fix" the ones I've checked.
I took a look at GoDaddy's abuse reporting, and, alas,
it's javascript-only. :(
*** Does anyone know of a clean/safe means to report these,
or have a contact at GoDaddy?
For more than 10 years, I've been tracking Realnames in the
"Friends" database of my hand-classification system.
I have a (batch) regression test that I can run daily to find
these, and would be happy to send the complete URLs to GoDaddy.
Disclaimer: my feed is LOW volume, however the delivery mechanism
is continuing to morph, so at the very least my trickle should
help GoDaddy keep a (putative) detection script up to date.
Plus, it's a TON more satisfying stymying the smarter-than-skwerl
class of spammers. :]
- "Chip"
P.S. Some old friends let me crash with them for the duration of
the two dreaded anniversaries (9/11 & Nimda), so I was able to
get some useful work done. :)
Now I just have to get caught up on everything else!
