Dspam

Dan Hollis spamtrap71892316634 at ANIME.NET
Tue Feb 24 22:28:22 GMT 2004


On Tue, 24 Feb 2004, Michele Neylon :: Blacknight Solutions wrote:
> So you have three problems (in my rather simplistic view)
> - 1 Source IP - almost impossible to forge, but could be anywhere in the world
> - 2 Source address/domain/hostname - meaningless
> - 3 URLs in the text/body of the email -
> - 4 The *real* hostnames that 3 refers to
> 1 - is easy enough to track/block
> 2 - is meaningless
> 3 - awkward. Reverse IP lookups on each one???? Sounds painful
> 4 - unless you follow the URL in 3 you have no way of knowing what it is

Just because it's not perfect doesn't mean it's useless.

It's certainly better than a lot of the filtering techniques out there, and
should be a lot more effective.

Reverse lookups for #3? No. *forward* lookups. E.g.
http://www.grblsndktqer.biz/ in the body of the spam resolves to an IP in
China. So you block it.

-Dan
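
The forward-lookup check described in this reply, sketched as an added example (not part of the original post and not MailScanner code). The function names, the `BLOCKED_NETS` range and the sample address are constructed for illustration; the resolver is injectable so the sample runs without DNS.

```python
import ipaddress
import re
import socket
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)
# Constructed placeholder (documentation range) for the networks a site blocks.
BLOCKED_NETS = [ipaddress.ip_network("203.0.113.0/24")]


def body_hostnames(body):
    """Return the unique hostnames of http(s) URLs found in a message body."""
    hosts = []
    for url in URL_RE.findall(body):
        try:
            host = urlsplit(url).hostname
        except ValueError:  # malformed bracketed host, nothing to look up
            continue
        if host and host not in hosts:
            hosts.append(host)
    return hosts


def system_resolver(host):
    """Forward (A/AAAA) lookup through the system resolver."""
    try:
        infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0].split("%")[0] for info in infos})


def blocked_urls(body, resolver=system_resolver, nets=BLOCKED_NETS):
    """Map each body hostname to its resolved addresses that fall in nets."""
    hits = {}
    for host in body_hostnames(body):
        try:
            addrs = [str(ipaddress.ip_address(host))]  # URL carries an IP literal
        except ValueError:
            addrs = resolver(host)
        bad = [a for a in addrs if any(ipaddress.ip_address(a) in n for n in nets)]
        if bad:
            hits[host] = bad
    return hits


# Constructed sample: hostname quoted in the post, invented addresses.
SAMPLE_BODY = "Cheap pills! http://www.grblsndktqer.biz/ or http://example.org/x"
SAMPLE_DNS = {"www.grblsndktqer.biz": ["203.0.113.45"], "example.org": ["192.0.2.10"]}
```

Calling `blocked_urls(SAMPLE_BODY, resolver=lambda h: SAMPLE_DNS.get(h, []))` flags only the first hostname; with the default resolver the same function performs live lookups.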


