They are
getting good at changing NS servers as well. They will have a group of domains
using a NS server hosted under a pink contract. If it gets burned, they change
the host of the ns server and *poof* all the other domains are set.
Some are
changing hosts daily, even hourly. Its amusing to see what lengths they
will go to try to cover tracks. I'm still collecting info, but hopefully I will
have more for you guys soon.
--Chris
-----Original Message-----
From: Gray, Richard [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 09, 2005 11:43 AM
To: users@spamassassin.apache.org
Subject: new strategy?Please just throw fish at me if this has already been proposed, but I was thinking today about what aspects of spamming a spammer finds hard to change.Changing names and IP addresses are easy, but I imagine that finding a DNS server that will be authoratitive for them is a tougher challenge.So, if one was to develop a list of the name servers that are authoratative for spam domains, then when a spammer changes but keeps the same name server, we will know and squash them!I'm imagining this in a set up that is engineered around trust (unknown sender, untrusted NS = mid level sensitivity; unknown sender; bad NS = high sensitivity)I imagine the checks could be done using perl's DNS lookup module?R
---------------------------------------------------
This email from dns has been validated by dnsMSS Managed Email Security and is free from all known viruses.
For further information contact [EMAIL PROTECTED]
