Post on Slashdot
Alex Neuman van der Hans
alex at rtpty.com
Fri Sep 5 18:12:42 IST 2008
Point taken. But what about scoring on a combination of these factors?
Sent from my iPhone
On Sep 5, 2008, at 11:21 AM, Matt Hayes <dominian at slackadelic.com>
> Alex Neuman van der Hans wrote:
>> I saw this post on Slashdot and wanted to share - see if you have any
>> insights, suggestions, etc.
>> Use the information against the spammers? (Score:4, Interesting)
>> by Seriph (466197) on Friday September 05, @08:49AM (#24886827)
>> I've been doing some digging into this over the last few months and
>> noticed an awful lot of spamvertized sites seem to have their domains
>> registered with such privacy protecting registrars.
>> I've been thinking about how to use the fact that a domain is
>> with such a registrar as part of a spam scoring metric and whether
>> anyone else has already done work on this? Just on the mail passing
>> through my systems, I'm seeing a very strong correlation between a
>> being spam and it referring to a domain registered with such a
>> registrar, with the domain nameservers being on dynamic IP space, and
>> with the DNS for the spam domain having a very low TTL value set.
>> It's also interesting to track back the nameservers for any domains
>> referred to in the NS records of the spam domain. By doing so I can
>> fairly large networks of interrelated spam domains and spam websites,
>> the addresses of many of which already appear on the likes of the
>> Spamcop and Spamhaus SBL/XBL lists or appear there shortly
>> The point is, is it practical to use this sort of information against
>> spammers and is anyone already doing it?
> To me, private registration is a fine thing. I do it with my domains.
> If people start scoring spam because of a private registration, I
> say a lot of false positives are going to happen. The private
> registration just means that the contact info posted is a "proxy" to
> real person. All in all, you can still get a hold of the right
> just takes a little bit longer.
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> Before posting, read http://wiki.mailscanner.info/posting
> Support MailScanner development - buy the book off the website!
More information about the MailScanner