[dns-operations] negative caching of throwaway spam domains

Rick Wesson wessorh at ar.com
Wed Jun 21 19:17:21 UTC 2006


paul at vix.com wrote:
> is there?

no, but in just a few days there will be. We could do everything 
registered in the last 5 days.

I'll build it and we'll see if its effective. Just yesterday 755,304
new new.

I'll set up a zone today with the last 3 days domains from 
con/net/biz/info/us/org

lets use dob.sibl.support-intelligence.net, I'll have the first version 
up this afternoon.

-rick

> re:
> 
>> From: Ken A <ka at pacific.net>
>> Newsgroups: comp.protocols.dns.bind
>> Subject: negative caching of throwaway spam domains
>> Date: Wed, 21 Jun 2006 09:51:15 -0700
>> Organization: none
>> Sender: news at isc.org
>> X-Original-Message-ID: <44997903.9000402 at pacific.net>
>> User-Agent: Thunderbird 1.5.0.4 (Windows/20060516)
>>
>> Hi,
>>
>> We have 3 spam filtering machines that each run a bind caching 
>> nameserver to help with rbl lookups, etc..
>> After mail passes through these machines it goes to our mail hub.
>>
>> Every so often, a spam from a throwaway spam domain will get through the 
>> spam filtering machines to the mailserver hub. The caching nameserver on 
>> the spam filtering machine will be able to lookup the sender's hostname, 
>> so sendmail accepts it.
>>
>> But, sendmail, on the mailserver hub will bounce it back to the spam 
>> filtering machine with an error.. 'Domain of sender address 
>> jthlhiyue at halosalbum.com does not exist'. (that one is from this am.. 
>> registered yesterday by a spammer).
>>
>> The question is, is there something I can do to, other than telling the 
>> mail filter machines to all use the same instance of bind to avoid this 
>> happening?
>>
>> Also, a bit off topic, but it occurs to me that this kind of information 
>> is useful in spam fighting. Are there any rbls out there that list all 
>> domains registered in the last 48 hrs?
>>
>> Thanks for any ideas!
>>
>> Ken A
>> Pacific.Net
>>
>>
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.oarci.net
> http://lists.oarci.net/mailman/listinfo/dns-operations




More information about the dns-operations mailing list