Faking Backlinks with email requests

Sneakiness with email outreach

HTTP Trickery to Fake Backlinks via Email

Demo:Here
So following on from the previous post on how to fake backlinks with the HTTP referrer and cookies, here is another way to use the method to fake backlinks.
In this method we use email to contact our intended link target, which brings its own advantages and disadvantages.
Firstly, contact by email is much more likely to be read by the intended recipient than an automated blog spam comment.
However with email we cant rely on the HTTP header to pass the target domain for the faked backlink.

So with the referrer data not available to us, we need to think of another way to secretly pass the domain of the intended target to our script so that it can add it to a cookie and put out a backlink to our unsuspecting link partner.
One way we can do this is really simply by passing the domain as a GET variable and having the link partner visit a url like domain.com/usefullinks?link=website.com where the “website.com” is the target of the fake link.

This would work but it looks too obvious, plus if the link partner tried another domain name then they would see that the link is generated by whatever is after the “?link=“.

To make things seem a little more legitimate we can use a great little feature of PHP and encode the target url as a base64 string so that:
domain.com
becomes
ZG9tYWluLmNvbQ==

Use a simple Base64 encoder to encode the target domain

Now we can send the following non conspicuous link to our link partner domain.com/usefullinks?tracking=ZG9tYWluLmNvbQ==
disguising the encoded domain as some kind of harmless email tracking number as are commonly used to monitor email marketing campaigns.

All we need to do is make a few small changes to the “useful-links.php” file that we created in the previous post by adding the following:

else if (isset($_GET['tracking'])){
setcookie("link",base64_decode($_GET['l']), time()+999999999);
header("Location: http://". $_SERVER['HTTP_HOST'] . "/useful-links");	
}

Immediately after we have checked for the cookie on line 3, meaning the complete file should look like this:

<?
if (isset($_COOKIE['link'])){
header("Location: http://". $_SERVER['HTTP_HOST'] . "/useful-links");}
else if (isset($_GET['l'])){
setcookie("link",base64_decode($_GET['tracking']), time()+999999999);
header("Location: http://". $_SERVER['HTTP_HOST'] . "/useful-links");	
}
else{
preg_match('#http://[\w\d\.\-]+#',$_SERVER['HTTP_REFERER'],$urlArray);
$refurl = current($urlArray);
setcookie("link",$refurl, time()+999999999);
header("Location: http://". $_SERVER['HTTP_HOST'] . "/useful-links");
}
?>

Now all we have to do is create an email to our intended backlink source informing them that we have placed a link to them and would appreciate a backlink from them in return.
Use your HTML email editeor to include a link back to the useful-links.php script with their domain included (if you made the htaccess adjustments set out in the previous post you can just use “domain.com/usefullinks” rather than “domain.com/useful-links.php“), for example

<a href="http://www.domain.com/usefullinks?tracking=ZGFuY2xhcmtpZS5jby51aw==">http://www.domain.com/useful-links</a>

Which will out put the link in the following format:
http://www.domain.com/useful-links
(mouseover the link, check the target)
Further hiding our fakey linky trickery.

What’s also cool is the cookie get set after the first visit and any other visits to the URL are ignored regardless of the “tracking” code or referrer.
So say for example that our email recipient is a bit smart and once he has clicked the link and seen a link pointing to his domain, he gets a bit curious and tries the link from the email with an altered “tracking” code. Because the domain has already been saved in the cookie, and is not overwritten, our email recipient sees the same link back to his domain regardless of how he arrives at the page (HTTP referrer = no influence), or whatever “tracking” code they attempt to use.

I used this exact method a few months ago for a project I was working on and landed some fantastically strong backlinks including a link from a professional SEO agency.
So far I have only seen this fake backlink trick used in blog comment spam and never with the use of cookies for persistence.
Using it in they way by email brings a whole new level of sophistication to this trick and is a fantastic way to build up some high quality one-way backlinks