Google has yet to stop a rising number of spammers from abusing Google Docs, its web-based collaboration and spreadsheet application, according to junk mail watchdog Spamhaus.
On Tuesday, Google moved from fourth to third on a list of spammy ISPs and other web services providers updated daily by Spamhaus. Google has been in the top 10 list over the last several weeks, said Richard Cox, Spamhaus's CIO.
Like peers Microsoft and Yahoo, Google's free email accounts are frequently used to send spam. Anti-spam filtering software is unlikely to block messages coming from the domains of those companies due to their wide use, although spam can be stopped through more sophisticated analysis of an email.
But a greater problem is how spammers are manipulating Google Docs, Cox said. The application has a feature where users can share a document that is assigned a URL. If opened, those documents contain a "redirect" command that pushes them to spammer websites, which often sell pharmaceuticals, Cox said.
Spamhaus has had trouble getting top-level attention from Google about the problem, Cox said. That's in contrast to Microsoft, which took steps recently to stop spammers from putting redirects on free web pages and sending out the links as spam.
A top Microsoft executive finally took note of the problem after being alerted by Spamhaus, Cox said. Microsoft hasn't detailed how it is stopping the nuisance, but their method appears to be working, Cox said. Spamhaus has had less luck so far with Google, he said.
When contacted, Google did acknowledge the problem.
"Spam is an issue for all Internet users, and we actively work to disable accounts that are found to be in violation of our product policies," Google said in a statement. "We're aware of this Google Docs spam issue, and we've already begun implementing improvements to minimize the impact of the issue."
There are a couple of fixes. One would be to simply halt the use of redirects, Cox said.
"We don't see why when Google and Microsoft hand out free web pages to people they should then allow those people to put a redirect to another site," Cox said. "The only people using redirects are the spammers."
Another method would be to check the URL to which a redirector points. If it is listed on Spamhaus' Block List (SBL) of verified spam operations, the message could be blocked, Cox said.
Services such as Tiny URL, which make long URLs shorter, block those URLs that redirect to sites on the SBL and thus don't have the problem, Cox said.