What's the deal with nonexistent domains? I've been seeing more of these in my corpora. They don't look like typos. Are spammers making up names, or are they registering domains and having them deleted later (either by their choice, or the registrars'?) Should we even consider listing them, or is poisoning not-yet-registered domains too much of a risk?
Here's an example mail. In this case, the other domain in the email, "netdreamwatches.com", is already in many SURBLs, but "netdreamwatches4.com" does not exist.
My thought is *not* to list the NX'ers if there's another existing domain in the mail fit for SURBL.
------------------------------------------------------------------------- Received: from 250.93.180.0 by 82.181.73.98; Sat, 04 Sep 2004 21:06:45 -0500 Message-ID: COYELLCYZAXZCUMLBQUNZDMH@hotmail.com From: "Everett Dooley" sexdw@yahoo.com Reply-To: "Everett Dooley" sexdw@yahoo.com To: private@email.com Subject: Order now for free shipping on all watches! Date: Sat, 04 Sep 2004 20:09:45 -0600 X-Mailer: AOL 9.0 for Windows US sub 022 MIME-Version: 1.0 Content-Type: text/plain; boundary="--80228313128822712" X-Priority: 3 X-MSMail-Priority: Normal X-IP: 99.152.240.119
hey there!,
Great deals on imitation rolex and etc....
go to http://www.netdreamwatches.com for more info
kind regards Everett Dooley
get out of this sessions http://dreamwatches4.com/beout.asp
-------------------------------------------------------------------------- - Ryan