Hi!
- Spammers can set up multiple ip addresses to an A record. Whatever does
the reporting should check all A records, from the top down. i.e. query each NS multiple times to make sure it's not being round-robined or reported differently from multiple DNS servers.
- I can easily forsee spammers doing a wildcard subdomain as an effort to
thwart this, if we're doing nslookups.
- It's a common case that spammers use disposable landing sites, such as the
forwarding services offered by tinyurl, zoneedit, and the like, or will put an HTTP redirect on a hotmail or geocities page. Should those be exempt from this, since they have a fair number of legitimate domains as well?
Did you actually have a look on the sata provided at the start of this thread ? Sure, it COULD be different, but somehow, it isnt.
Thats why we posted the data in the first place, a lot of spam is boosted inside via the exact same way. We can ignore that, and say they will migitate, but if we never react they will never migitate either.
Bye, Raymond.