The spammer sends out realistic messages that contain a URL flogging the P I L L S site of the day. Upon delivery, SpamAssassin etc. check the URL in the message. Not finding the URL in and RHSBL, and not able to get any DNS info (such as DNS hosted by China), SpamAssassin has no information that would flag the URL as bad. SpamTraps and manual spam reports are the only thing that can flag this type of URL as spam, but since it is hard to automatically tag as a spam URL it will likely escape.
This spam technique makes the assumption that most people get up / into work the next day and check their messages first thing. At 6:00 AM the spammer registers the domains and voila! A valid web site in China to click on. While I wouldn't necessarily want to associate myself with the spam a spammer sends out, I can use the same sleazy techniques, minus the stolen credit card: register with a registrar known to be soft on spam, provide false contact information, and host it in China. Put up a web page saying "do not buy from E-mail ads", etc. When the spammer goes to register it the next morning, he will be unable to activate the domain and out of customers for that spam run. Long term the spammer still can win that battle, but this is a great way to irritate someone on the other end for once. ----- Original Message ----- From: "Dan Geiser" <[EMAIL PROTECTED]> To: <[email protected]> Sent: Tuesday, January 11, 2005 3:59 PM Subject: Re: [Declude.JunkMail] Interesting tactic.. > I don't get this article at all. How is this any different then sending > e-mails with using domains that you have no intention of ever using? Why > would you want to register the domain name and then associated yourself with > a domain used in a spam mailing? And from a technical standpoint why would > a distributed DNS system be overloaded by trying to lookup bogus domain > names? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
