penders - 6:59 pm on Jan 9, 2012 (gmt 0)

<div><script language="javascript" type="text/javascript"> var fakelink = '<a href="http://www.example.com">www.example.com</a>'; </script></div>

Although this particular example won't result in the referer being logged at example.com. But yes, it is still possible that the site could 'fake it' and even send you legitimate content when you parse it.

If you do choose to attempt validation by looking up the referring site then you would only do this periodically when building your "top-website" report. And storing "validated" and "last-validated" fields.