Comment spam trick of the day

I saw this weird thing hovering in someone’s comments on another site today, and so I went through the guestbook. Instead of that person’s comment containing like

… size=0 a href=”” …

It wasn’t there at all. It was much further down, in a generic “your site was a good place to meet people” comment:

... p style="position:absolute;bottom:1.8px;font:normal 1.5px sans-serif;"(BR)
Best places on the Web: (br)
(spammy link) (br)
(spammy link) (br)
(100th spammy link) (br)

The absolute tag is a CSS element. This is the first time I’ve seen it used as a spam tag — and the comment was left last year.

What’s particularly interesting about this is that it’s the use of a largely overlooked HTML tag that might be allowed by some filters that attempt to enforce filtering on malicious HTML. Here, a tag that was supposed to free people from using tables allows a commenter to jump out of where they’re supposed to be and cuckold another commenter (so to speak).

It also makes enforcement a pain: the list of spammy links appears overlapping other, normal content, and to find what the thing is, you’ve got to figure out what one of the links is, then search the page source or query the comments.