On Thursday, October 28, 2004, 3:12:11 PM, Sheldon wrote: >> This is a good argument for the delayed-scan-and-deliver feature I >> suggested previously. The porn guys you are probably talking about we >> call the "mad-lib pornsters". Every day or so they will come out with >> a brand new set of domains delivering a wide array of porn traffic. >> Actually, our robots usually manage to pick up quite a bit of it, but >> they have huge bandwidth behind them so they get quite a bit of >> content out before the updated rules can go in place.
SK> It is obvious they are using "disposable" domain names. They come in flavors SK> like gbzqrx.info and so on. By the time my customers check their email, SK> forward it to me and then I forward it to Sniffer, it is probably 6-24 hours SK> old. How many millions have been delivered in that time? Ugh... Luckily we get these in spamtraps almost immediately. If a robot picks it up then the next outgoing rulebase will catch it. If one of us picks it up then there may be couple of hours extra (we don't have a 24-7 Spam-Noc yet) but it will still get nailed soon. As it turns out, throw-away or not these domains get used for quite a while. And, as it also turns out many of them come back to life 6-9 months later after dormancy. (These ones get picked up by our deep scans and reactivated.) It's a tough problem, but a simple delay will go along way toward making these throw-away mechanisms useless. Simply don't listen to anything new until a bit later and the filtering mechanisms will always have time to react (since they listen to everything in real-time). _M --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
