on Thu, Sep 09, 2004 at 04:57:46PM -0600, Ryan Thompson wrote:
[ Whew! CC trimmed :-) ]
Jeff Chan wrote to Justin Mason:
Yeah. I was referring to the proposal to look up IP addresses for href hostnames directly (instead of looking up the NS'es.)
Yep. Resolving domain names found in spam URIs is slow
Aha. Key word = "domain names".
All the world's a host. Spammers are already using random subdomains in their emails, and there is absolutely *no* guarantee whatsoever that these subdomains resolve to the same IP(s) as the registrar domain (or even as the rest of the subdomains). It's basic DNS, and, in this case, it means we're basically screwed before we start. :-)
It's wildcard DNS if anything - the "random" bits are added to allow for tracking.
exhibit #1: from a real spam:

schampeo@cayenne:1009 $ ns www.illusiontantrumillsexhaledtarpaper.shjkss.d.dd.f.ff.k.gerswe.gatsrsa.com
Server: 216.27.21.209
Address: 216.27.21.209#53

Non-authoritative answer:
Name: www.illusiontantrumillsexhaledtarpaper.shjkss.d.dd.f.ff.k.gerswe.gatsrsa.com
Address: 222.55.10.3

exhibit #2: take a guess:

schampeo@cayenne:1010 $ ns www.spammersdeservenothinglessthanlongslowpainfuldeath.shjkss.d.dd.f.ff.k.gerswe.gatsrsa.com
Server: 216.27.21.209
Address: 216.27.21.209#53

Non-authoritative answer:
Name: www.spammersdeservenothinglessthanlongslowpainfuldeath.shjkss.d.dd.f.ff.k.gerswe.gatsrsa.com
Address: 222.55.10.3
I wouldn't worry that much about it.
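
[Added example, not part of the original message or of any project discussed in this thread: one way a filter could apply the wildcard observation above, by probing a random label under each parent of a URI hostname and collapsing the hostname to the wildcarded parent. The function names, the min_labels cutoff and the constructed resolver with its .example names and documentation-range addresses are assumptions made for illustration.]

```python
import secrets
import socket

def system_resolver(name):
    """IPv4 addresses for name as a frozenset; empty on lookup failure."""
    try:
        return frozenset(socket.gethostbyname_ex(name)[2])
    except OSError:
        return frozenset()

def wildcard_base(hostname, resolve=system_resolver, min_labels=2):
    """Return the shortest parent name under which a random label resolves
    to the same addresses as hostname, or None if no wildcard is seen.
    min_labels=2 is an assumption: it stops at a two-label registered
    domain and does not consult a public-suffix list."""
    labels = hostname.rstrip(".").lower().split(".")
    target = resolve(hostname)
    if not target:
        return None
    base = None
    for i in range(1, len(labels) - min_labels + 1):
        parent = ".".join(labels[i:])
        probe = secrets.token_hex(8) + "." + parent  # name nobody configured
        if resolve(probe) != target:
            break
        base = parent
    return base

def group_by_base(hostnames, resolve=system_resolver):
    """Group URI hostnames by wildcard base so tracking labels collapse."""
    groups = {}
    for host in hostnames:
        groups.setdefault(wildcard_base(host, resolve) or host, []).append(host)
    return groups

def constructed_resolver(name):
    """Constructed stand-in for DNS: one wildcarded zone, one ordinary host."""
    name = name.lower()
    if name == "www.legit.example":
        return frozenset({"198.51.100.7"})
    if name.endswith(".spam.example"):  # behaves like *.spam.example
        return frozenset({"192.0.2.3"})
    return frozenset()

if __name__ == "__main__":
    hosts = ["www.aaa.x.y.spam.example", "www.bbb.x.y.spam.example",
             "www.legit.example"]
    print(group_by_base(hosts, constructed_resolver))
```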