This week Yahoo! permanently closed down its venerable Geocities service. This move ended one of the internet’s longest standing free web site hosting services and one of the most frustrating spam problems of more recent years.
Geocities became popular in the last 1990s as a free and easy way for people to publish web sites about their businesses and hobbies. Although in recent years it stood as a monument to horrible website design in its prime it was one of the most visited sites on the internet.
After a takeover by Yahoo! in 1999 the website began a slow but steady decline due to various changes by the new owner. However one demographic that remained strong on Geocities was spammers.
The attractiveness of Geocities for spammers came down to a few key elements:
- Geocities.com was a trusted and recognizable domain name to normal internet users
- As a Yahoo! property it was unlikely that the various Geocities domain names would be blocked by anti-spam product vendors
User Trust and Social Engineering
A social engineering attack is one in which the attacker convinces the victim to perform a certain task. These attacks involve establishing the appearance of legitimacy and trustworthiness in the eyes of the victim.
For a spammer who wants to convince a person to click on a link in an email the Geocities.com domain name was a perfect way to gain the trust of the victim because it was highly likely the person would recognize it as a place for legitimate web sites.
Free Services and Combating Abuse
As most internet security experts will attest, if there is a free service available on the web then spammers will abuse it. The problem with this is that many free services are hosted by large, trustworthy internet companies and have millions of users.