> Now assuming you are the ISP, is there any way to get all those domains
> pointed to somewhere else without having to define them all on your name
> servers? Can't you fax the registrar or something to park them or is this
> pretty much a really difficult type of attack to fight off?

Spam in its present state doesn't in general (with some exceptions) use a valid return address. They are still being forged, which means the DNS queries are for yahoo, aol, and other frequent forgeries. The only real area where I can see a lot of potential resolution is with URLs that people click on in emails. In a majority of spams I've seen, however, spammers are still using IP addresses instead of domain names, as their goal is to hide as much revealing information as possible to pass them through spam filters [insert rant for Bayesian style filtering].

If they did do this though, I would think that name server caching would significantly reduce the number of queries, helping to share the load of the problem. Every customer query to aol.com doesn't hit AOL's nameservers (fortunately for AOL)... it hits first the user's local nameserver cache, and second the ISP's cache... with a large company like AOL, it'll also hit the ISP's web/ns inverse cache servers long before it ever touches their actual name servers.

Some individuals are coding spam filters that actually perform HTTP GETs on the URLs in the spams, in an attempt to DoS the spammers. I would be more concerned about this type of DoS.

Jonathan

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
