[dns-operations] negative caching of throwaway spam domains
paul at vix.com
paul at vix.com
Wed Jun 21 17:48:58 UTC 2006
is there?
re:
> From: Ken A <ka at pacific.net>
> Newsgroups: comp.protocols.dns.bind
> Subject: negative caching of throwaway spam domains
> Date: Wed, 21 Jun 2006 09:51:15 -0700
> Organization: none
> Sender: news at isc.org
> X-Original-Message-ID: <44997903.9000402 at pacific.net>
> User-Agent: Thunderbird 1.5.0.4 (Windows/20060516)
>
> Hi,
>
> We have 3 spam filtering machines that each run a bind caching
> nameserver to help with rbl lookups, etc..
> After mail passes through these machines it goes to our mail hub.
>
> Every so often, a spam from a throwaway spam domain will get through the
> spam filtering machines to the mailserver hub. The caching nameserver on
> the spam filtering machine will be able to lookup the sender's hostname,
> so sendmail accepts it.
>
> But, sendmail, on the mailserver hub will bounce it back to the spam
> filtering machine with an error.. 'Domain of sender address
> jthlhiyue at halosalbum.com does not exist'. (that one is from this am..
> registered yesterday by a spammer).
>
> The question is, is there something I can do to, other than telling the
> mail filter machines to all use the same instance of bind to avoid this
> happening?
>
> Also, a bit off topic, but it occurs to me that this kind of information
> is useful in spam fighting. Are there any rbls out there that list all
> domains registered in the last 48 hrs?
>
> Thanks for any ideas!
>
> Ken A
> Pacific.Net
>
>
More information about the dns-operations
mailing list