fyi-- Ken A: negative caching of throwaway spam domains

[Paul Vixie <paul () vix com>]

> --- Begin Message ---
>
>
> From: Ken A <ka () pacific net>
>
> Date: Wed, 21 Jun 2006 09:51:15 -0700
>
> Hi,
>
> We have 3 spam filtering machines that each run a bind caching 
> nameserver to help with rbl lookups, etc..
> After mail passes through these machines it goes to our mail hub.
>
> Every so often, a spam from a throwaway spam domain will get through the 
> spam filtering machines to the mailserver hub. The caching nameserver on 
> the spam filtering machine will be able to lookup the sender's hostname, 
> so sendmail accepts it.
>
> But, sendmail, on the mailserver hub will bounce it back to the spam 
> filtering machine with an error.. 'Domain of sender address 
> jthlhiyue () halosalbum com does not exist'. (that one is from this am.. 
> registered yesterday by a spammer).
>
> The question is, is there something I can do to, other than telling the 
> mail filter machines to all use the same instance of bind to avoid this 
> happening?
>
> Also, a bit off topic, but it occurs to me that this kind of information 
> is useful in spam fighting. Are there any rbls out there that list all 
> domains registered in the last 48 hrs?
>
> Thanks for any ideas!
>
> Ken A
> Pacific.Net
>
>
>
> --- End Message ---
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.