Post on Slashdot
Alex Neuman van der Hans
alex at rtpty.com
Fri Sep 5 17:16:16 IST 2008
I saw this post on Slashdot and wanted to share - see if you have any
insights, suggestions, etc.
----
Use the information against the spammers? (Score:4, Interesting)
by Seriph (466197) on Friday September 05, @08:49AM (#24886827)
I've been doing some digging into this over the last few months and
noticed an awful lot of spamvertized sites seem to have their domains
registered with such privacy-protecting registrars.
I've been thinking about how to use the fact that a domain is
registered with such a registrar as part of a spam scoring metric and
whether anyone else has already done work on this? Just on the mail
passing through my systems, I'm seeing a very strong correlation
between a mail being spam and it referring to a domain registered with
such a registrar, with the domain nameservers being on dynamic IP
space, and with the DNS for the spam domain having a very low TTL
value set.
It's also interesting to track back the nameservers for any domains
referred to in the NS records of the spam domain. By doing so I can
find fairly large networks of interrelated spam domains and spam
websites, the addresses of many of which already appear on the likes
of the Spamcop and Spamhaus SBL/XBL lists or appear there shortly
afterwards.
The point is, is it practical to use this sort of information against
spammers and is anyone already doing it?
-----
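The scoring idea and the nameserver tracking described in the quoted post, as an added example that is not part of the original message or the Slashdot comment. The domain records, weights, TTL threshold and function names are all assumptions made up for illustration; a real filter would fill the records from WHOIS and DNS lookups and tune the weights against its own mail.

```python
from collections import defaultdict

# Assumed weights and threshold (not from the post); tune against real mail.
W_PRIVACY, W_DYNAMIC_NS, W_LOW_TTL, LOW_TTL = 1.0, 1.5, 1.0, 300

# Constructed sample records for domains seen in message URLs.
DOMAINS = {
    "pills-example.test":   {"privacy": True,  "ns_dynamic": True,  "ttl": 120,   "ns": ["ns1.hub-a.test"]},
    "watches-example.test": {"privacy": True,  "ns_dynamic": True,  "ttl": 60,    "ns": ["ns2.hub-a.test"]},
    "hub-a.test":           {"privacy": True,  "ns_dynamic": True,  "ttl": 300,   "ns": ["ns1.hub-b.test"]},
    "loans-example.test":   {"privacy": False, "ns_dynamic": True,  "ttl": 180,   "ns": ["ns1.hub-b.test"]},
    "shop-example.test":    {"privacy": True,  "ns_dynamic": False, "ttl": 86400, "ns": ["ns1.hosting.test"]},
}

def registered_domain(host):
    # Simplification: keep the last two labels. Production code should
    # use the Public Suffix List to handle names such as example.co.uk.
    return ".".join(host.rstrip(".").lower().split(".")[-2:])

def score(meta):
    """Sum the three signals from the post into one spam-score contribution."""
    s = 0.0
    if meta["privacy"]:
        s += W_PRIVACY        # registered through a privacy registrar
    if meta["ns_dynamic"]:
        s += W_DYNAMIC_NS     # nameservers sit in dynamic IP space
    if meta["ttl"] < LOW_TTL:
        s += W_LOW_TTL        # very low TTL on the domain's records
    return s

def clusters(domains):
    """Group domains linked through the domains of their nameservers."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path compression
            x = parent[x]
        return x

    for dom, meta in domains.items():
        for ns in meta["ns"]:
            # Link the domain to the domain that hosts its nameserver.
            parent[find(registered_domain(ns))] = find(dom)
    groups = defaultdict(set)
    for d in list(parent):
        groups[find(d)].add(d)
    return sorted((sorted(g) for g in groups.values()), key=len, reverse=True)

if __name__ == "__main__":
    for name, meta in DOMAINS.items():
        print(f"{name:24} score={score(meta)}")
    for group in clusters(DOMAINS):
        print(len(group), group)
```

A single privacy-registered domain with stable hosting scores low on its own, which is why the signals are combined rather than used as a hard block.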