OT: spammers using temporary dns?

Furnish, Trever G TGFurnish at HERFF-JONES.COM
Mon Dec 29 15:59:12 GMT 2003


I have a feeling that this is an ignorant question and my mind is just in a
stupor from the holidays, but I'm still stumped so I'll go ahead and ask
it...

Anyone noticed spammers using temporary dns records?  By "temporary", I mean
*really* temporary - i.e. only a few minutes of existence.

My mailscanner system relays to one domain that does its own dns checks in
sendmail and I'm seeing a large increase during the last couple of weeks in
the number of messages that are accepted by the mailscanner (i.e. dns checks
succeed) and then rejected by the next hop a few minutes later (i.e. due to
missing dns records).

One of the domains in question is mx59.experta4.biz - dns worked when the
message was accepted, but a few minutes later the records were gone.  At
this point I just became aware of it, so it could be just one particular
spammer who's having dns problems.  Besides, I'm not sure what the
motivation would be for the spammer - if you can successfully get the dns
records created for your sender domain, why bother making them short-lived?

Either way, the mail isn't getting through, but it's causing DSNs to be
generated on my mailscanner system when the next hop rejects the message.
Just wondering if others maybe already know about this and consider it
typical or if it's new or if I have something screwy going on. :-)

--
Trever


Those who do not understand Unix are condemned to reinvent it, poorly.
      -- Henry Spencer
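
An added example, not part of the original post: one way to confirm the pattern described above is to pair each scanner accept with the next hop's DNS-related reject of the same message and measure the gap. The event format, hop names, queue ids and reason strings are constructed for illustration and are not sendmail or MailScanner log syntax.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events in a simplified format invented for this example:
# timestamp, hop, queue id, action, sender domain, reason.
SAMPLE_EVENTS = """\
2003-12-29T15:40:02 scanner q1 accept mx59.experta4.biz -
2003-12-29T15:44:10 nexthop q1 reject mx59.experta4.biz sender-domain-unresolvable
2003-12-29T15:41:00 scanner q2 accept example.org -
2003-12-29T15:41:05 nexthop q2 accept example.org -
2003-12-29T15:50:00 scanner q3 accept example.net -
2003-12-29T15:50:30 nexthop q3 reject example.net user-unknown
2003-12-29T15:52:00 scanner q4 accept mx59.experta4.biz -
2003-12-29T15:55:30 nexthop q4 reject mx59.experta4.biz sender-domain-unresolvable
"""

DNS_REASON = "sender-domain-unresolvable"  # hypothetical reason label


def parse_events(text):
    """Yield (time, hop, queue_id, action, domain, reason) per non-empty line."""
    for line in text.splitlines():
        if line.strip():
            ts, hop, qid, action, domain, reason = line.split()
            yield datetime.fromisoformat(ts), hop, qid, action, domain.lower(), reason


def vanishing_sender_domains(text, max_gap_seconds=600):
    """Map sender domain -> list of gaps (seconds) between the scanner's accept
    and the next hop's DNS reject of the same message. Each gap is one message
    that passed the first DNS check and failed the second."""
    accepted_at = {}
    gaps = defaultdict(list)
    for ts, hop, qid, action, domain, reason in sorted(parse_events(text)):
        if hop == "scanner" and action == "accept":
            accepted_at[qid] = ts
        elif hop == "nexthop" and action == "reject" and reason == DNS_REASON:
            if qid in accepted_at:
                gap = int((ts - accepted_at[qid]).total_seconds())
                if 0 <= gap <= max_gap_seconds:
                    gaps[domain].append(gap)
    return dict(gaps)


if __name__ == "__main__":
    for domain, gaps in vanishing_sender_domains(SAMPLE_EVENTS).items():
        print(f"{domain}: {len(gaps)} messages, gaps {gaps} s")
```

A domain that shows up repeatedly with gaps of only a few minutes matches the short-lived-record pattern; rejects for other reasons (such as the constructed `user-unknown` line) are ignored.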


