Post on Slashdot

Matt Hayes dominian at slackadelic.com
Fri Sep 5 17:21:55 IST 2008


Alex Neuman van der Hans wrote:
> I saw this post on Slashdot and wanted to share - see if you have any
> insights, suggestions, etc.
> 
> ----
> Use the information against the spammers? (Score:4, Interesting)
> by Seriph (466197) on Friday September 05, @08:49AM (#24886827)
> 
> I've been doing some digging into this over the last few months and
> noticed an awful lot of spamvertized sites seem to have their domains
> registered with such privacy protecting registrars.
> 
> I've been thinking about how to use the fact that a domain is registered
> with such a registrar as part of a spam scoring metric and whether
> anyone else has already done work on this? Just on the mail passing
> through my systems, I'm seeing a very strong correlation between a mail
> being spam and it referring to a domain registered with such a
> registrar, with the domain nameservers being on dynamic IP space, and
> with the DNS for the spam domain having a very low TTL value set.
> 
> It's also interesting to track back the nameservers for any domains
> referred to in the NS records of the spam domain. By doing so I can find
> fairly large networks of interrelated spam domains and spam websites,
> the addresses of many of which already appear on the likes of the
> Spamcop and Spamhaus SBL/XBL lists or appear there shortly afterwards.
> 
> The point is, is it practical to use this sort of information against
> spammers and is anyone already doing it?
> -----
> 
> 


To me, private registration is a fine thing.  I do it with my domains.
If people start scoring spam because of a private registration, I would
say a lot of false positives are going to happen.  The private
registration just means that the contact info posted is a "proxy" to the
real person.  All in all, you can still get a hold of the right people;
it just takes a little bit longer.

-Matt
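
The following is an added example, not part of the thread or of MailScanner: a sketch of the scoring idea from the quoted Slashdot post, in which private registration alone scores too low to flag a domain (the false-positive concern raised in the reply) and domains are grouped by shared nameservers. The sample domains, weights, TTL cut-off and threshold are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data (not from the thread): facts a filter could gather
# from WHOIS and DNS for domains seen in message bodies. All names are made up.
DOMAINS = {
    "pills-example.test":   {"private_whois": True,  "ns": ["ns1.dyn-a.test"], "ns_dynamic": True,  "ttl": 120},
    "watches-example.test": {"private_whois": True,  "ns": ["ns1.dyn-a.test", "ns1.dyn-b.test"], "ns_dynamic": True, "ttl": 60},
    "loans-example.test":   {"private_whois": False, "ns": ["ns1.dyn-b.test"], "ns_dynamic": True,  "ttl": 180},
    "blog-example.test":    {"private_whois": True,  "ns": ["ns1.hosting.test"], "ns_dynamic": False, "ttl": 86400},
}

# Assumed weights, TTL cut-off and threshold, for illustration only.
WEIGHTS = {"private_whois": 0.5, "ns_dynamic": 2.0, "low_ttl": 1.5}
LOW_TTL_SECONDS = 300
THRESHOLD = 3.0

def score(facts):
    """Sum the weights of the signals present for one domain."""
    total = 0.0
    if facts["private_whois"]:
        total += WEIGHTS["private_whois"]
    if facts["ns_dynamic"]:
        total += WEIGHTS["ns_dynamic"]
    if facts["ttl"] < LOW_TTL_SECONDS:
        total += WEIGHTS["low_ttl"]
    return total

def flagged(domains):
    """Domains whose combined score reaches the threshold."""
    return sorted(d for d, f in domains.items() if score(f) >= THRESHOLD)

def clusters(domains):
    """Group domains that share a nameserver, directly or transitively."""
    parent = {d: d for d in domains}
    def find(x):
        while parent[x] != x:
            x = parent[x]
        return x
    first_seen = {}  # nameserver -> first domain seen using it
    for d, facts in domains.items():
        for ns in facts["ns"]:
            if ns in first_seen:
                parent[find(d)] = find(first_seen[ns])
            first_seen.setdefault(ns, d)
    groups = defaultdict(list)
    for d in domains:
        groups[find(d)].append(d)
    return sorted((sorted(g) for g in groups.values()), key=lambda g: (-len(g), g))

if __name__ == "__main__":
    print(flagged(DOMAINS))
    print(clusters(DOMAINS))
```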

