Fwd: [spamtools] Decomissioning a DNS anti-spam list

Furnish, Trever G TGFurnish at HERFF-JONES.COM
Fri Mar 19 22:53:32 GMT 2004


> -----Original Message-----
> From: shrek-m at gmx.de [mailto:shrek-m at GMX.DE]
> Sent: Friday, March 19, 2004 5:24 PM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Fwd: [spamtools] Decomissioning a DNS anti-spam list
>
>
> hermit921 wrote:
>
> > For people who don't follow the spamtools list, a posting (with some lines
> > deleted for brevity) from the former InfiniteMonkeys owner:
> >
> >> Oh! And I should mention that I also tried this:
> >>
> >> *.relays.monkeys.com. IN A 127.0.0.2
> >> IN TXT "See http://www.monkeys.com/dnsbl/"
> >
>
> it must be possible.
>
> afair
>
> kimble.org stopped the blaster-e-virus ddos in august 2003
> with a nameserver-entry -> 127.0.01
>
> http://sophos.com/virusinfo/analyses/w32blastere.html

You're assuming that:
        1. the DDoS attackers have all stopped
        2. no one has systems configured with the DNSBL name server ip
           addresses hard coded.

There are actually quite a few circumstances where it sometimes makes sense
to just dump a set of ip addresses entirely and switch networks.  Woe to the
next person to get that subnet. :-(

It sounds like the monkeys.com owner doesn't want people to ask him whether
relays.monkeys.com no longer, meaning he doesn't even want to get the NS
record query for relays.monkeys.com at all - it's not enough to get it and
reject it.
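
For mail administrators who still have a retired list configured, a periodic sanity check on each DNSBL zone catches both failure modes discussed in this thread: a zone that answers for every name (the wildcard record quoted above) and a zone that no longer answers at all. The following is an added example, not part of the original thread. It relies on the convention (RFC 5782) that a DNSBL lists 127.0.0.2 as a test entry and never lists 127.0.0.1. The zones `dnsbl.example` and `gone.example` and the stand-in resolvers are constructed for illustration.

```python
import ipaddress
import socket

def dnsbl_name(ip, zone):
    """Build the query name: reversed IPv4 octets prepended to the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.rstrip(".")

def system_resolve(name):
    """Return the A records for name, or [] if it does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.gaierror, socket.herror):
        return []

def classify_zone(zone, resolve=system_resolve):
    """Classify a DNSBL zone using the two conventional test addresses."""
    test_listed = bool(resolve(dnsbl_name("127.0.0.2", zone)))
    must_not_list = bool(resolve(dnsbl_name("127.0.0.1", zone)))
    if must_not_list:
        return "lists-everything"  # wildcard: every lookup looks like a hit
    if not test_listed:
        return "dead"              # no test entry: zone gone or unreachable
    return "ok"

# Constructed resolvers standing in for real DNS so the demo runs offline.
def wildcard_zone(name):
    # Models "*.relays.monkeys.com. IN A 127.0.0.2" from the quoted post.
    return ["127.0.0.2"] if name.endswith(".relays.monkeys.com") else []

def healthy_zone(name):
    # Hypothetical list holding the test entry and one listed host.
    listed = {"2.0.0.127.dnsbl.example", "7.2.0.192.dnsbl.example"}
    return ["127.0.0.2"] if name in listed else []

def nxdomain_zone(name):
    # Models a zone whose records have been removed entirely.
    return []

if __name__ == "__main__":
    cases = [("relays.monkeys.com", wildcard_zone),
             ("dnsbl.example", healthy_zone),
             ("gone.example", nxdomain_zone)]
    for zone, resolver in cases:
        print(zone, "->", classify_zone(zone, resolver))
```

A zone classified as `lists-everything` or `dead` should be removed from the mail server's DNSBL configuration rather than left in place.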


