[SURBL-Discuss] Re: Start an IP list to block?
Steven Champeon
schampeo at hesketh.com
Fri Sep 10 02:44:27 CEST 2004
on Thu, Sep 09, 2004 at 04:57:46PM -0600, Ryan Thompson wrote:
>
> [ Whew! CC trimmed :-) ]
>
> Jeff Chan wrote to Justin Mason:
>
> >>Yeah. I was referring to the proposal to lookup IP addresses for
> >>href hostnames directly (instead of looking up the NS'es.)
> >
> >Yep. Resolving domain names found in spam URIs is slow
>
> Aha. Key word = "domain names".
>
> All the world's a host. Spammers are already using random subdomains in
> their emails, and there is absolutely *no* guarantee whatsoever that
> these subdomains resolve to the same IP(s) as the registrar domain (or
> even as the rest of the subdomains). It's basic DNS, and, in this case,
> it means we're basically screwed before we start. :-)
It's wildcard DNS if anything - the "random" bits are added to allow
for tracking.
exhibit #1: from a real spam:
schampeo at cayenne:1009 $ ns www.illusiontantrumillsexhaledtarpaper.shjkss.d.dd.f.ff.k.gerswe.gatsrsa.com
Server: 216.27.21.209
Address: 216.27.21.209#53
Non-authoritative answer:
Name: www.illusiontantrumillsexhaledtarpaper.shjkss.d.dd.f.ff.k.gerswe.gatsrsa.com
Address: 222.55.10.3
exhibit #2: take a guess:
schampeo at cayenne:1010 $ ns www.spammersdeservenothinglessthanlongslowpainfuldeath.shjkss.d.dd.f.ff.k.gerswe.gatsrsa.com
Server: 216.27.21.209
Address: 216.27.21.209#53
Non-authoritative answer:
Name: www.spammersdeservenothinglessthanlongslowpainfuldeath.shjkss.d.dd.f.ff.k.gerswe.gatsrsa.com
Address: 222.55.10.3
I wouldn't worry that much about it.
--
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com
Buy "Cascading Style Sheets: Separating Content from Presentation, 2/e" today!
http://www.amazon.com/exec/obidos/ASIN/159059231X/heskecominc-20/ref=nosim/
More information about the Discuss
mailing list