Upon examining various URI messages that trolls 
have sent here the last two days (of those that still 
have DNS resolution):

(A) TTL is less than 300 on all but two
(2560 and 3600).
(B) Even 2g00d.mobi is running a TTL of 181.

Would a spamvertized URI from a "legit" company
be running a TTL that low?  I think not.  Seems like 
a good way to combat Fast-Flux DNS system spam.
Drawbacks include DNS SOA timeouts for bad 
domains.

Where's our prophet "John the Botnet" when you 
need him?

Ever Pondering,

Jared Hall
General Telecom, LLC.




On Friday 10 August 2007 10:34, clsgis wrote:
> We're seeing URIs in spam whose domains have between
> a dozen and three dozen Address records, with time-to-live TTLs less than
> ten minutes.
> Is there a test for too many Address records?  What's its name?
> Is there a test for too-short TTLs?
