[SURBL-Discuss] Yahoo redirector?

Stuart Johnston stuart at ebby.com
Mon Oct 2 21:59:17 CEST 2006


Unfortunately, Yahoo is one of the top Spam domain hosts. I don't think there is much you can do about it, generally. Just report the domains as usual.

-Stuart


Joseph Brennan wrote:
> 
> What's going on here?
> 
> Numerous examples of porn spam sent Sunday have all different hostnames
> that resolve to the same few IP addresses, apparently by round robin:
> 
> $ host takinoivanober.com
> takinoivanober.com has address 68.142.212.127
> takinoivanober.com has address 68.142.212.128
> takinoivanober.com has address 68.142.212.129
> takinoivanober.com has address 68.142.212.130
> takinoivanober.com has address 68.142.212.135
> takinoivanober.com has address 68.142.212.126
> $ host zascehjukalsderr.com
> zascehjukalsderr.com has address 68.142.212.130
> zascehjukalsderr.com has address 68.142.212.135
> zascehjukalsderr.com has address 68.142.212.126
> zascehjukalsderr.com has address 68.142.212.127
> zascehjukalsderr.com has address 68.142.212.128
> zascehjukalsderr.com has address 68.142.212.129
> $ host sex368yzx.com
> sex368yzx.com has address 68.142.212.129
> sex368yzx.com has address 68.142.212.130
> sex368yzx.com has address 68.142.212.135
> sex368yzx.com has address 68.142.212.136
> sex368yzx.com has address 68.142.212.137
> sex368yzx.com has address 68.142.212.128
> 
> Reverse DNS resolves to Yahoo, only:
> 
> $ host 68.142.212.130
> 130.212.142.68.in-addr.arpa domain name pointer p10w14.geo.mud.yahoo.com.
> $ host 68.142.212.127
> 127.212.142.68.in-addr.arpa domain name pointer p10w11.geo.mud.yahoo.com.
> $ host 68.142.212.128
> 128.212.142.68.in-addr.arpa domain name pointer p10w12.geo.mud.yahoo.com.
> 
> The range 68.142.192 through 68.142.255 is all Inktomi, contact address
> network-abuse at cc.yahoo-inc.com, so it really is Yahoo.
> 
> The interesting bit is that connecting by IP address or yahoo hostname
> gets a "Error 400 - Bad Request", but connecting by the spammer hostname
> gets a web page.
> 
> I'd be especially interested in a generalized way of catching this.
> 
> Joseph Brennan
> Columbia University Information Technology
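
One way to approach the "generalized way of catching this" asked about in the quoted message, as an added example that is not part of either poster's mail: parse `host` output, group the spamvertised names by network, and flag networks where several unrelated domains resolve while reverse DNS names a different owner. The /24 grouping, the `min_domains` threshold and the last-two-labels domain guess are assumptions of this example.

```python
import re
from collections import defaultdict

# `host` output lines copied from the quoted message (trimmed to two per name).
SAMPLE = """\
takinoivanober.com has address 68.142.212.127
takinoivanober.com has address 68.142.212.128
zascehjukalsderr.com has address 68.142.212.130
zascehjukalsderr.com has address 68.142.212.127
sex368yzx.com has address 68.142.212.129
sex368yzx.com has address 68.142.212.136
130.212.142.68.in-addr.arpa domain name pointer p10w14.geo.mud.yahoo.com.
127.212.142.68.in-addr.arpa domain name pointer p10w11.geo.mud.yahoo.com.
"""

A_RE = re.compile(r"^(\S+) has address (\d+(?:\.\d+){3})$")
PTR_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)\.in-addr\.arpa domain name pointer (\S+?)\.?$")

def base(name):
    # Naive registered-domain guess (last two labels); an assumption, not PSL-aware.
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def parse(text):
    """Return ({hostname: {ip, ...}}, {ip: ptr_name}) from `host` output."""
    a_recs, ptrs = defaultdict(set), {}
    for line in map(str.strip, text.splitlines()):
        if m := A_RE.match(line):
            a_recs[m.group(1).lower()].add(m.group(2))
        elif m := PTR_RE.match(line):
            d, c, b, a, name = m.groups()  # in-addr.arpa octets are reversed
            ptrs[f"{a}.{b}.{c}.{d}"] = name.lower()
    return a_recs, ptrs

def shared_pools(a_recs, ptrs, min_domains=3):
    """Flag /24s where several unrelated domains resolve and PTR names a third party."""
    by_net = defaultdict(set)
    for name, ips in a_recs.items():
        for ip in ips:
            by_net[ip.rsplit(".", 1)[0]].add(base(name))
    hits = []
    for net, domains in sorted(by_net.items()):
        owners = {base(p) for ip, p in ptrs.items() if ip.rsplit(".", 1)[0] == net}
        if len(domains) >= min_domains and owners and not owners & domains:
            hits.append((f"{net}.0/24", sorted(domains), sorted(owners)))
    return hits

if __name__ == "__main__":
    for net, domains, owners in shared_pools(*parse(SAMPLE)):
        print(net, "hosts", domains, "PTR owner", owners)
```

A hit identifies a shared hosting pool, so it is a signal for reporting the individual domains rather than grounds for listing the addresses themselves.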


