Post on Slashdot

Alex Neuman van der Hans alex at
Fri Sep 5 17:16:16 IST 2008

I saw this post on Slashdot and wanted to share - see if you have any  
insights, suggestions, etc.

Use the information against the spammers? (Score:4, Interesting)
by Seriph (466197) on Friday September 05, @08:49AM (#24886827)

I've been doing some digging into this over the last few months and  
noticed an awful lot of spamvertized sites seem to have their domains  
registered with such privacy protecting registrars.

I've been thinking about how to use the fact that a domain is  
registered with such a registrar as part of a spam scoring metric and  
whether anyone else has already done work on this? Just on the mail  
passing through my systems, I'm seeing a very strong correlation  
between a mail being spam and it referring to a domain registered with  
such a registrar, with the domain nameservers being on dynamic IP  
space, and with the DNS for the spam domain having a very low TTL  
value set.

It's also interesting to track back the nameservers for any domains  
referred to in the NS records of the spam domain. By doing so I can  
find fairly large networks of interrelated spam domains and spam  
websites, the addresses of many of which already appear on the likes  
of the Spamcop and Spamhaus SBL/XBL lists or appear there shortly  

The point is, is it practical to use this sort of information against  
spammers and is anyone already doing it?
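
The two ideas in the quoted post, sketched as an added example that is not part of the original post or of MailScanner: a score built from the three correlated signals, and grouping of domains by following their NS records back. It assumes the WHOIS and DNS lookups were already done; the domain names, weights and TTL cutoff are constructed for illustration.

```python
from collections import defaultdict

# Constructed lookup results for domains seen in message URLs (all made up).
# privacy_whois: registered through a privacy-protecting registrar
# ns_dynamic:    nameserver IPs sit in dynamic address space
# ttl:           TTL in seconds on the domain's DNS records
DOMAINS = {
    "pills-example.test":      {"privacy_whois": True,  "ns_dynamic": True,  "ttl": 120,   "ns": ["ns1.fluxdns-example.test"]},
    "watches-example.test":    {"privacy_whois": True,  "ns_dynamic": True,  "ttl": 60,    "ns": ["ns2.fluxdns-example.test"]},
    "fluxdns-example.test":    {"privacy_whois": True,  "ns_dynamic": True,  "ttl": 300,   "ns": ["ns1.rootflux-example.test"]},
    "loans-example.test":      {"privacy_whois": False, "ns_dynamic": True,  "ttl": 180,   "ns": ["ns1.rootflux-example.test"]},
    "newsletter-example.test": {"privacy_whois": True,  "ns_dynamic": False, "ttl": 86400, "ns": ["ns1.hosting-example.test"]},
}

WEIGHTS = {"privacy_whois": 1.0, "ns_dynamic": 1.5, "low_ttl": 1.0}  # assumed weights
LOW_TTL = 300  # assumed cutoff in seconds

def score(rec):
    """Sum the weights of the three signals the post correlates with spam."""
    hits = {"privacy_whois": rec["privacy_whois"],
            "ns_dynamic": rec["ns_dynamic"],
            "low_ttl": rec["ttl"] <= LOW_TTL}
    return sum(WEIGHTS[name] for name, hit in hits.items() if hit)

def ns_domain(host):
    """Domain that hosts a nameserver; naive, assumes <label>.<registered domain>."""
    return host.split(".", 1)[1]

def clusters(domains):
    """Group domains linked through their NS records (union-find), largest first."""
    root = {}
    def find(x):
        root.setdefault(x, x)
        while root[x] != x:
            root[x] = root[root[x]]  # path compression
            x = root[x]
        return x
    for name, rec in domains.items():
        for ns in rec["ns"]:
            root[find(name)] = find(ns_domain(ns))  # tie a domain to its NS's domain
    groups = defaultdict(set)
    for name in domains:
        groups[find(name)].add(name)
    return sorted((sorted(g) for g in groups.values()), key=len, reverse=True)

if __name__ == "__main__":
    for name, rec in DOMAINS.items():
        print(f"{score(rec):4.1f}  {name}")
    print(clusters(DOMAINS))
```

A privacy-registered domain on stable nameservers with a long TTL scores low on its own and lands in a cluster by itself, which is why the signals are combined rather than used singly.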
