[dns-operations] negative caching of throwaway spam domains

paul at vix.com paul at vix.com
Wed Jun 21 17:48:58 UTC 2006

is there?


> From: Ken A <ka at pacific.net>
> Newsgroups: comp.protocols.dns.bind
> Subject: negative caching of throwaway spam domains
> Date: Wed, 21 Jun 2006 09:51:15 -0700
> Organization: none
> Sender: news at isc.org
> X-Original-Message-ID: <44997903.9000402 at pacific.net>
> User-Agent: Thunderbird (Windows/20060516)
> Hi,
> We have 3 spam filtering machines that each run a bind caching 
> nameserver to help with rbl lookups, etc..
> After mail passes through these machines it goes to our mail hub.
> Every so often, a spam from a throwaway spam domain will get through the 
> spam filtering machines to the mailserver hub. The caching nameserver on 
> the spam filtering machine will be able to lookup the sender's hostname, 
> so sendmail accepts it.
> But, sendmail, on the mailserver hub will bounce it back to the spam 
> filtering machine with an error.. 'Domain of sender address 
> jthlhiyue at halosalbum.com does not exist'. (that one is from this am.. 
> registered yesterday by a spammer).
> The question is, is there something I can do to, other than telling the 
> mail filter machines to all use the same instance of bind to avoid this 
> happening?
> Also, a bit off topic, but it occurs to me that this kind of information 
> is useful in spam fighting. Are there any rbls out there that list all 
> domains registered in the last 48 hrs?
> Thanks for any ideas!
> Ken A
> Pacific.Net

More information about the dns-operations mailing list