Smart browser spoofing? How does that differ from dumb browser spoofing?

. . . DOMs vary from UA to UA . . .

Urinalysis on the DOM? Is that how you detect meta-tag abuse?

I'm not sure what you mean by meta tag abuse.

Ok maybe smart/dumb spoofing was the best reference...

How about relative and absolute spoofing.

For example Opera's default UA spoofs but since it DOES contain the Opera string we know that it will be the Opera browser.

Now if you completely removed the UA and replaced it with something else (like UA switcher for Firefox) the only way you'd be able to tell (as far as I know) is by tinking with UA specific DOM objects (I suspect).

So what I'm curious to is if we remove Firefox's UA and put MSIE's...we could possibly detect the MSIE dom and if we fail pass it through a series of DOM detection strings that detect for each agent with a specific algorithm intended to test for dom behaviours we know are specific to a browser family or even version number.

Does that make sense?

Yes, what you propose seems reasonable, but is this form of spoofing an issue? Certainly, the number of browsers engaging in it must be limited. Generally, browser sniffing at the client is eschewed, these days, in favor of feature sniffing. At the server, it is rare any more to use the UA string for much other than statistics collection. I guess I'm unclear on what browser sniffing at the client is going to gain you.

Ever just do something purely for the challenge of it?

*sighs*

Oh, it would also allow one to block non-browsers, such as semi-intelligent spammers who list a user agent.

No wonder spammers have their way, few people actively even bother to go on the offensive against them.