[dns-operations] Odd MX queries

Marco Davids (SIDN) marco.davids at sidn.nl
Mon Mar 11 17:20:12 UTC 2013

On 3/11/13 12:55 PM, Daniel Stirnimann wrote:

>> Has anyone an idea what the source of this traffic pattern is? It's also
>> interesting to note that quite a lot of 2nd-level queries result in
>> NXDOMAIN responses.
> Someone responded offlist to me. It's one of the messaging bots which is
> causing this traffic which has a broken resolver.

Not always. Sometimes it's a spammer (botnet) trying to distinguish
valid harvested e-mail addresses from fake ones, that are generated for
reasons of 'list poisoning', such as the ones generated with:

and similar ones.

A typical example of a 'cat and mouse game'...



More information about the dns-operations mailing list