Geocities is a free web hosting service provided by Yahoo. It is predominantly used by hobbyist website creators to build fansites, personal sites, photo galleries, etc. However starting in 2004 and continuing up until the present day, numerous spammers (notably Vincent Chan) have started abusing Geocities websites in an automated fashion, building pages whose sole purpose is to redirect the user to the actual target website. This allows the spammer to get around numerous well-established spam filters, which would never block a geocities domain, since Yahoo is widely whitelisted on most block lists.
My Canadian Pharmacy (referred to in this document as MCP) is a longstanding Russian or possibly Ukrainian spam operation which has been relentlessly spamming email users around the world since at least the spring of 2004. The operators are currently wanted by numerous international law enforcement groups including Interpol and the FBI. They largely appear to be tied to credit card fraud and identity theft. Nobody has ever noted receiving a single shipment of any product ordered on a My Canadian Pharmacy website.
Numerous pharmacy oversight organizations have fielded several thousand complaints per year regarding this illegal operation. They and numerous law enforcement agencies continue to investigate as much as possible regarding the spamming, website setup, DNS setup and (alleged) order processing of this spam gang. This investigation is ongoing.
 Spam Example
Best replica watches from IWC at Replica Classics Genuine Swiss made Rolex replicas are as close to the real thing Guaranteed triple-wrapped gold on all-gold models http://mx.geocities.com/ivanasan17 If you are looking for a stylish, quality costume watch at low prices, our offers are for you. We specialize in top quality replica watches. Wearing these expensive looking watches is prestigious. Buying these models you will save you a ton of money and always look trendy. Why pay more? Get qualitative replica watches here
 Basic Summary
eval (unescape("%66%75%6E%63%74%69%6F%6E%20%65%5F%65%28%65%29%7B%65%3D %75%6E%65%73%63%61%70%65%28%65%29%3B%70%3D%22%51%5A%55%45%4C%4D%5 3%42%4C%4A%4B%56%52%43%50%44%44%48%4F%53%43%55%45%54%4E%58%49%41% 5A%4B%22%3B%73%3D%22%22%3B%73%6C%3D%6E%65%77%20%41%72%72%61%79%28 %29%2C%6B%3D%30%2C%6A%3D%30%3B%66%6F%72%28%69%3D%30%3B%69%3C%65%2 E%6C%65%6E%67%74%68%3B%69%2B%2B%29%7B%63%3D%65%2E%63%68%61%72%43% 6F%64%65%41%74%28%69%29%3B%69%66%28%63%3C%31%32%38%29%7B%63%3D%63 %5E%70%2E%63%68%61%72%43%6F%64%65%41%74%28%6A%25%70%2E%6C%65%6E%6 7%74%68%29%3B%6A%2B%2B%3B%7D%73%2B%3D%53%74%72%69%6E%67%2E%66%72% 6F%6D%43%68%61%72%43%6F%64%65%28%63%29%3B%69%66%28%73%2E%6C%65%6E %67%74%68%3E%38%30%29%7B%73%6C%5B%6B%2B%2B%5D%3D%73%3B%73%3D%22%2 2%7D%7D%73%3D%73%6C%2E%6A%6F%69%6E%28%22%22%29%2B%73%3B%64%6F%63% 75%6D%65%6E%74%2E%77%72%69%74%65%28%73%29%7D"));
e_e("m%2967%25%3D%27b83%3B3oa%24!%3C%3C%609%22#%24%27%2D* 1%2EioW_elqroaGAvr49* %278%7D%25%3A&!%3Dp%60zWA%255%25k %220#8#%248|%2B%22!%22um%3B7!5naw%3E6%2De%252%3C*%2Fc0%2D!hp%5BXc pkkebmN_etrw%3A%22%28%22!%2Ek");
This decrypts to turn into:
a) A function called "e_e" which will perform a rudimentary character replacement decryption technique.
b) A run of the e_e function, passing a specific string to the function.
The resulting URL in this case turns out to be: www.thioc.com, another illegal Replica Watch website.
Vincent Chan has apparently been doing this for at least two years now, well-documented in his SpamHaus ROKSO entry. He is most likely not the only one, merely the most prolific one.
 How to Report this Spam
 Forward Spam Emails
The simplest way to report Yahoo Geocities spam is to forward emails to:
As of 16 September 2007, this is the best address to use.
Yahoo is well aware of this ongoing issue and is responsive to reports, often taking action within the same day. Even the receipt of one single spam email featuring a geocities address will be enough to take action. You should make sure to include all the headers, if possible, as this is a basic requirement of Yahoo and Geocities before any action will be taken.
 Sample Report
subject: geocities redirect spam: anherbals.com (Herbal King)
 Submit to Yahoo's Web Reporting Form
Yahoo has provided a web form for reporting Geocities spam at
The form requires the user name of the user abusing the Geocities service. The Geocities user name can be found from the bold component of the URL below.
The Geocities Web Form is working as of 11 February 2008.