Post on Slashdot

Alex Neuman van der Hans alex at rtpty.com
Fri Sep 5 18:12:42 IST 2008


Point taken. But what about scoring on a combination of these factors?

Sent from my iPhone

On Sep 5, 2008, at 11:21 AM, Matt Hayes <dominian at slackadelic.com>  
wrote:

> Alex Neuman van der Hans wrote:
>> I saw this post on Slashdot and wanted to share - see if you have any
>> insights, suggestions, etc.
>>
>> ----
>> Use the information against the spammers? (Score:4, Interesting)
>> by Seriph (466197) on Friday September 05, @08:49AM (#24886827)
>>
>> I've been doing some digging into this over the last few months and
>> noticed an awful lot of spamvertized sites seem to have their domains
>> registered with such privacy protecting registrars.
>>
>> I've been thinking about how to use the fact that a domain is  
>> registered
>> with such a registrar as part of a spam scoring metric and whether
>> anyone else has already done work on this? Just on the mail passing
>> through my systems, I'm seeing a very strong correlation between a  
>> mail
>> being spam and it referring to a domain registered with such a
>> registrar, with the domain nameservers being on dynamic IP space, and
>> with the DNS for the spam domain having a very low TTL value set.
>>
>> It's also interesting to track back the nameservers for any domains
>> referred to in the NS records of the spam domain. By doing so I can  
>> find
>> fairly large networks of interrelated spam domains and spam websites,
>> the addresses of many of which already appear on the likes of the
>> Spamcop and Spamhaus SBL/XBL lists or appear there shortly  
>> afterwards.
>>
>> The point is, is it practical to use this sort of information against
>> spammers and is anyone already doing it?
>> -----
>>
>>
>
>
> To me, private registration is a fine thing.  I do it with my domains.
> If people start scoring spam because of a private registration, I  
> would
> say a lot of false positives are going to happen.  The private
> registration just means that the contact info posted is a "proxy" to  
> the
> real person.  All in all, you can still get a hold of the right  
> people,
> just takes a little bit longer.
>
> -Matt
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!


More information about the MailScanner mailing list