Google Sites, the Google platform for document sharing and collaboration, has been dubbed “SharePoint Light” by many members of the tech community. However, the platform might be getting a new name soon, and one that won’t be so nice. Apparently, spammers have adopted Sites as a tool to host spam and malware, and, thanks to the google.com domain name, some spam filters are having trouble blocking the messages.
Here Comes the “Google Spam”
According to MessageLabs, Google Sites spam only accounts for 1% of all spam at the moment, but they expect this technique to become as popular as similar techniques being used to distribute spam using other free Google online services, including Google Docs, Google Pages, and Google Calendar.
The benefit to using Sites for spamming is that it’s harder to block the resulting URLs generated by the service. Unlike Google Pages, whose URLs are in the format of accountname.googlepages.com, a Sites URL begins http://sites.google.com/site/. The format of these URLs, which contain “google.com,” are more difficult for traditional signature-based anti-spam tools to block. At the tail end of the URL, the spammers’ sites will contain site names that are composed of random letters and numbers.
Sites is certainly not the only Google product that has been adopted by spammers. For example, I noticed an increase in Google Groups-related spam messages arriving in my Gmail inbox recently. Google Sites looks to be more of the same. Spammers are certainly clever, so it’s up to the makers of anti-spam technology to combat this latest threat of “Google Spam.” Clearly, just because something is hosted at google.com, it should not automatically be considered safe or trustworthy.
The bigger question here is how the rise of Google spam is being addressed by Google themselves? Surely, they are concerned about their name becoming associated with sites hosting malware and spam?
Google would not confirm how they were addressing this specific problem or how they address spam in general, saying that they needed to be careful not to provided spammers with any clues as to what they do. However, they did say that they expect spammers to use every means possible to try to send spam and that they have a very robust spam-fighting effort at Google. They also claim that they disable these accounts immediately and will continue to do so.