Hi;
A while back I suggested a test based on REVDNS. The idea was simply trying to track spammers that are not just occasional senders but do this on a much larger scale.
Since then we started tracking REVDNS of all addresses that send more than 1 email in a batch. Simply, spammers that show up repeatedly in a single day and send to a number of people on our servers.
The entries are taken from the results of this header entry:
X-Note: Sent from Reverse DNS:
This is just one of the many entries that show some convergence:
.denyandpurify.com     65.214.161.222
.foxonthetrot.com      65.214.161.229
.elevengetseven.com    65.214.161.229
.denyandpurify.com     65.214.161.230
.elevengetseven.com    65.214.161.231
Different REVDNS, same IP family, two being identical IPs.
One thing about this company is that the domains they use all follow similar thinking. The servers they use to send the emails are different, but their name server appears to be the same.
This could be a great test if added.
Just some thoughts...
Regards,
Kami
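
An added example, not part of the original message or of any mail filter's own code: one way to surface the convergence described above is to group the logged (REVDNS domain, IP) pairs by network and report networks that send under several different reverse-DNS domains. The /24 grouping, the two-domain threshold and the function name are assumptions; the sample pairs are the ones listed in the message.

```python
import ipaddress
from collections import defaultdict

# Pairs as listed in the message above: (reverse-DNS domain suffix, sending IP).
SAMPLE = [
    (".denyandpurify.com", "65.214.161.222"),
    (".foxonthetrot.com", "65.214.161.229"),
    (".elevengetseven.com", "65.214.161.229"),
    (".denyandpurify.com", "65.214.161.230"),
    (".elevengetseven.com", "65.214.161.231"),
]

def converging_networks(records, prefix_len=24, min_domains=2):
    """Group (rdns, ip) records by network and return the networks where
    at least `min_domains` distinct reverse-DNS domains were seen.

    prefix_len=24 and min_domains=2 are assumed thresholds, not values
    from the message."""
    nets = defaultdict(lambda: {"domains": set(), "ips": defaultdict(set)})
    for rdns, ip in records:
        try:
            addr = ipaddress.ip_address(ip.strip())
        except ValueError:
            continue  # skip malformed address fields
        domain = rdns.strip().lower().strip(".")
        if not domain:
            continue  # no reverse DNS recorded, nothing to correlate
        net = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
        nets[net]["domains"].add(domain)
        nets[net]["ips"][str(addr)].add(domain)
    findings = {}
    for net, seen in nets.items():
        if len(seen["domains"]) >= min_domains:
            findings[str(net)] = {
                "domains": sorted(seen["domains"]),
                # IPs that were seen under more than one reverse-DNS domain
                "shared_ips": sorted(ip for ip, d in seen["ips"].items() if len(d) > 1),
            }
    return findings

if __name__ == "__main__":
    for net, info in converging_networks(SAMPLE).items():
        print(net, info["domains"], "shared:", info["shared_ips"])
```

The name-server observation in the message would need live DNS lookups and is not covered by this offline example.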