In recent days I've seen a lot of pirate software advertised in spam that uses a sender address of the form
"Firstname1 Lastname1" Firstname2Lastname2@suspectdomain
where suspectdomain is a very recently registered domain (late August-early September).
Previously software spammers used all kinds of fake sender domains, but none they had registered themselves and not specifically recently registered ones. Has anyone else noticed this and has any thoughts about it?
I wonder if spammers are buying lists of recently registered domain names off registrars in order to poison domain blacklists?
Joe
Joe,
"Firstname1 Lastname1" Firstname2Lastname2@suspectdomain
where suspectdomain is a very recently registered domain (late August-early September).
But is that a problem? We don't do much with the sender domains actually.
Previously software spammers used all kinds of fake sender domains, but none they had registered themselves and not specifically recently registered ones. Has anyone else noticed this and has any thoughts about it?
Since more and more large servers are using SPF they got stuck a little there. A lot are also publishing SPF records in DNS now; that might be the reason they use self-controlled domains now. If that's true we are pushing them in the right direction ;)
Bye, Raymond.
On Sunday, September 12, 2004, 1:34:02 AM, Raymond Dijkxhoorn wrote: (Joe wrote:)
"Firstname1 Lastname1" Firstname2Lastname2@suspectdomain
where suspectdomain is a very recently registered domain (late August-early September).
But is that a problem? We don't do much with the sender domains actually.
Yes, only message body URI domains. :-)
Previously software spammers used all kinds of fake sender domains, but none they had registered themselves and not specifically recently registered ones. Has anyone else noticed this and has any thoughts about it?
Since more and more large servers are using SPF they got stuck a little there. A lot are also publishing SPF records in DNS now; that might be the reason they use self-controlled domains now. If that's true we are pushing them in the right direction ;)
Yes, but how can they avoid advertising a URI? Hehe.... ;-)
Jeff C.
Jeff Chan wrote:
On Sunday, September 12, 2004, 1:34:02 AM, Raymond Dijkxhoorn wrote: (Joe wrote:)
"Firstname1 Lastname1" Firstname2Lastname2@suspectdomain
where suspectdomain is a very recently registered domain (late August-early September).
But is that a problem? We don't do much with the sender domains actually.
Yes, only message body URI domains. :-)
Previously software spammers used all kinds of fake sender domains, but none they had registered themselves and not specifically recently registered ones. Has anyone else noticed this and has any thoughts about it?
Since more and more large servers are using SPF they got stuck a little there. A lot are also publishing SPF records in DNS now; that might be the reason they use self-controlled domains now. If that's true we are pushing them in the right direction ;)
Yes, but how can they avoid advertising a URI? Hehe.... ;-)
---------------------------- some.fake.rx-p-il-ls.dom\traq.php?1892
copy-and-pastè i n t o y o ur Bro Ws eR ----------------------------
Alex
On Sunday, September 12, 2004, 2:11:02 AM, Alex Broens wrote:
Jeff Chan wrote:
Yes, but how can they avoid advertising a URI? Hehe.... ;-)
some.fake.rx-p-il-ls.dom\traq.php?1892
copy-and-pastè i n t o y o ur Bro Ws eR
Alex
The message parsing code may eventually catch those too. There's been talk about it.
Jeff C.
Hi!
Previously software spammers used all kinds of fake sender domains, but none they had registered themselves and not specifically recently registered ones. Has anyone else noticed this and has any thoughts about it?
Since more and more large servers are using SPF they got stuck a little there. A lot are also publishing SPF records in DNS now; that might be the reason they use self-controlled domains now. If that's true we are pushing them in the right direction ;)
Yes, but how can they avoid advertising a URI? Hehe.... ;-)
Well, good examples are the generic stock info spams, we all have seen them I guess. Or the college spam with only a phone number...
Bye, Raymond
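Added example, not part of the original thread: a Python check for the sender pattern described in the first message, where the display name and the address local part name different people and the sender domain was registered only days before the mail arrived. The registration-date table (standing in for a WHOIS/RDAP lookup), the 30-day threshold, the function names and the sample headers are constructed assumptions.

```python
import re
from datetime import date
from email.utils import parseaddr

# Constructed registration dates standing in for a WHOIS/RDAP lookup (assumption).
REGISTERED = {
    "suspectdomain.example": date(2004, 9, 1),
    "oldcorp.example": date(1998, 3, 14),
}

def name_tokens(text):
    """Lower-case alphabetic tokens, splitting CamelCase such as 'JaneDoe'."""
    spaced = re.sub(r"(?<=[a-z])(?=[A-Z])", " ", text)
    return {t.lower() for t in re.findall(r"[A-Za-z]+", spaced)}

def check_sender(from_header, received_on, max_age_days=30):
    """Return (name_mismatch, young_domain) for one From: header value."""
    display, addr = parseaddr(from_header)
    local, _, domain = addr.rpartition("@")
    # Mismatch: the display name shares no name token with the local part.
    mismatch = bool(display) and not (name_tokens(display) & name_tokens(local))
    registered = REGISTERED.get(domain.lower())
    # Young: domain is known and was registered at most max_age_days before receipt.
    young = (registered is not None
             and 0 <= (received_on - registered).days <= max_age_days)
    return mismatch, young

def matches_pattern(from_header, received_on):
    """True only when both signals fire; either one alone is weak evidence."""
    return all(check_sender(from_header, received_on))

# Constructed sample headers (not taken from real mail).
SAMPLES = [
    '"Alice Miller" <BobTurner@suspectdomain.example>',  # both signals
    '"Jane Doe" <JaneDoe@oldcorp.example>',              # neither signal
    '"Alice Miller" <BobTurner@oldcorp.example>',        # mismatch only
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, check_sender(header, date(2004, 9, 12)))
```

Unknown domains are treated as not young here, so a failed lookup never raises the score on its own.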