[dns-operations] Odd MX queries
Marco Davids (SIDN)
marco.davids at sidn.nl
Mon Mar 11 17:20:12 UTC 2013
On 3/11/13 12:55 PM, Daniel Stirnimann wrote:
>> Has anyone an idea what the source of this traffic pattern is? It's also
>> interesting to note that quite a lot of 2nd-level queries result in
>> NXDOMAIN responses.
>
> Someone responded offlist to me. It's one of the messaging bots which is
> causing this traffic which has a broken resolver.
Not always. Sometimes it's a spammer (botnet) trying to distinguish
valid harvested e-mail addresses from fake ones, that are generated for
reasons of 'list poisoning', such as the ones generated with:
http://www.spamhelp.org/harvesterkiller/
http://www.robietherobot.com/spamfight.htm
http://zzzy.freeshell.org/guestbook/
and similar ones.
A typical example of a 'cat and mouse game'...
Regards,
--
Marco
More information about the dns-operations
mailing list