I get a spam message come through about once in a month, I just got a spam message that used an interesting technique:

-----------------------------------------
From: bolsterwinterswinnipegflooring.com
Subject: sufficient
Date: June 17, 2006 6:11:35 PM EDT
To: achilleXX.XXXXX.edu

Have you ever considered of saving thousands on your health?
If you are already paying hundreds, then you should check Google:

http://www.google.com/url?q=%68%74%74%70%3A%2F%2F%77%77%77%2E%67%65%6F%63%69%74%69%65%73%2E%63%6F%6D%2F%67%69%67%67%69%70%65%73%63%61%72%6F%2F%65%67%2E%68%74%6D%6C

Sincerely,
Weldon Chin
Google Service Team
-----------------------------------------

Is this unique?

Interesting abuse of the Google brand.

Perhaps the important issue is that, unlike (I believe) all current browsers, Google's redirector doesn't employ any anti-phishing safeguards to block or unmask obfuscated URLs.

For example, just entering the obfuscated tail of that URL into IE, Firefox or Opera : %68%74%74%70%3A%2F%2F%77%77%77%2E%67%
65%6F%63%69%74%69%65%73%2E%63%6F%6D%
2F%67%69%67%67%69%70%65%73%63%61%72
%6F%2F%65%67%2E%68%74%6D%6C *wouldn't* navigate to the spammers page (nor if the http:// and/or www bits are not obfuscated).

[[ you will have to concatenate these lines yourself – Sam]]

But when 'washed' through Google, browsers see the initial valid (Google) domain and so (rightly) think the URL is good, and Google's redirector makes no similar sanity checks of its own.

Maybe you should call upon Google to tighten that up, Philipp?

Google could have their redirector decline to forward to obfuscated URLs. Or it could display an interstitial page showing the original and de-obfuscated URLs as clickable links – like most of the URL shortening services do – so that surfers could choose (and/or be auto-redirected after a short 'no thanks' pause). Hey, they could even put adverts on the display page ...

------

Oops, looks like I've borked your page formatting :)

(And I don't mean the URL shortening services show de-obfuscated URLs; only that they show an interstitsial page. Google could do both, it seems to me).

On a slightly different issue, the spam might also have said :-

-----------------------------------------
If you are already paying hundreds, then you should check Google's Trusted Partners Program :

www.google.com//Trusted_Partne
rs/url?&q=%68%74%74%70%3A%2F%
2F%77%77%77%2E%67%65%6F%63%
69%74%69%65%73%2E%63%6F%6D
%2F%67%69%67%67%69%70%65%73
%63%61%72%6F%2F%65%67%2E%6
8%74%6D%6C

Sincerely,
Weldon Chin
Google Service Team
-----------------------------------------

And anti-obfuscation at the Google redirector wouldn't help much there, since sloppiness in Google's server configuration would (and does) allow the same URL in plain text :-

www.google.com//Trusted_Partners/
url?&q=http : // www.geocities.com/gig
gipescaro/eg.html

More details/examples of that quirk here :-

http://blogoscoped.com/forum/10977.html