…Other than annoying the bejesus out of me, that is.
I have a low traffic website (used to be midlevel traffic) that, because of its former popularity, still finds its contact email form a magnet for a steady number of robots and would-be spammers. While the form script I use is secure from more malignant forms of attack – injections and whatnot – it’s almost painfully vulnerable to regular ol’ spam. At some point I’ll rouse myself to upgrading the script, but it’s not high priority at the moment.
These days, the most common non-legit messages I receive look something like this:
(I’m breaking the links and coding; the URLs are gibberish but there’s no sense in making them clickable.)
My question is: what the hell are spammers getting out of sending me dozens of random letters and fake links, also consisting of random letters? The emails are sent to me and end up in my junk email folder. They appear to be testing different, common forms of HTML or BBcode, but if they’re not using real links, what’s the point? Plus, this isn’t a blog or a guestbook, where these spam messages are public, and they could conceivably be trying to see what will get through before later coming back and trying again. What are they planning on accomplishing here?
BTW, I don’t actually open the messages, but I do look at the source, and they don’t contain attachments or hidden images or phishing links or anything that could potentially harm me or result in a more foolish recipient to click on a link and visit a commercial / scam site.
They are probably trying to see if your email address is active then they can spam you for real or sell your email address.
A lot of people use HTML to read their email, often without knowing it. If you use the preview pane in Outlook for instance (well at least the version I use) you’re using it
Anyway HTML can be set up to pull, so it shows you opened the mail.
True. I’m pretty sure that would require a hidden image (usually 1px, if they don’t want it to be seen, or an invisible .gif of any size), the code of which would be evident in Message Source view. It would look like:
<img src=“something.gif” width=“1” height=“1”>
(Or they could possibly a background image instead.) None of this stuff is in these messages. A gibberish link by itself – unless it was valid and led to something the spammer owned that would give him/her access to referer stats – wouldn’t do the job.
I dunno, I’m just curious what the point of all these meaningless messages are. I’m almost tempted to see if they’re cryptograms – maybe it’s all part of a big spy ring.
I notice you used the word “comment” above. Is it possible that the spammers think they’re submitting comments that will show up on your web site? Some unscrupulous web site owners use comment spam to create links to their web sites and thus (they hope) improve their Google ranking. The gibberish domain names would be consistent with that, because, being spammers, they would likely use disposable URLs.
Hmm, that may be. The page does clearly say it’s an email form, and there are no live comments (except for my forum) anywhere, but robots and non-English speaking drone employees might not make that distinction. So your guess is that they’re testing the form in hopes that their gibberish will appear. And then what? Then they come back and post a real link?
Why wouldn’t they just post the real link to start with, then? If they’d started by submitting a real link, it might have been posted on my (non-existing) comments page for a little while before I deleted it.
I guess I’m expecting logic from spammers, which is a fool’s errand. Still, someone’s probably paying these people to submit this crap, so I’d think they would want it to work.
Yes, I second this idea. Google’s search engine algorithm factors in so-called backlinks (incoming links from other websites) into their search position rankings. The more inbound links your site has from other websites (especially high value websites), the more likely googlebot will see you as an authoritative source of information.
