Re: [PLUG] OT: spammer's DNS

Eric on 1 Apr 2009 06:17:58 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] OT: spammer's DNS

From: Eric <eric@lucii.org>

To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>

Subject: Re: [PLUG] OT: spammer's DNS

Date: Wed, 01 Apr 2009 09:17:51 -0400

Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>

Sender: plug-bounces@lists.phillylinux.org

User-agent: Thunderbird 2.0.0.21 (X11/20090318)

A similar effect happened to my email as well and I've wondered the same thing. I theorize that the spammers grab a copy of the DNS records once (a year? a month?) and then resolve the addresses from this fixed cache. The reason for this might be that when you're sending a billion or so spam emails a day you can speed up the sending process and lower your visibility and network demands by not making DNS requests for each of those outgoing spams. Of course I'm not a networking expert so this is simply an uninformed opinion largely based on observation, logic, rumor, reading slashdot, and immoderate whiskey consumption ;-) Eric sean finney wrote: > hiya, > > On Wed, Apr 01, 2009 at 08:40:16AM -0400, Art Alexion wrote: > >> Real mail stopped going to the old server in about 48 hours, but spam still >> goes there. Can anyone help explain how the DNS servers that spammers use >> differ, and why this happens? >> > > spam servers (and infected zombies) are usually the least standards-complaint > systems out there, so i wouldn't think about it too hard. maybe they have a > poor implementation of DNS caching, or maybe it's intentionally designed that > way. > > thankfully, such non-compliance is also what gave birth to greylisting > and other effective anti-spam techniques :) > > > sean > > ------------------------------------------------------------------------ > > ___________________________________________________________________________ > Philadelphia Linux Users Group -- http://www.phillylinux.org > Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce > General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug > -- # Eric Lucas # # "Oh, I have slipped the surly bond of earth # And danced the skies on laughter-silvered wings... # -- John Gillespie Magee Jr ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:

Re: [PLUG] OT: spammer's DNS
From: Art Alexion <art.alexion@gmail.com>

References:

[PLUG] OT: spammer's DNS
From: Art Alexion <art.alexion@gmail.com>

Re: [PLUG] OT: spammer's DNS
From: sean finney <seanius@seanius.net>

Prev by Date: Re: [PLUG] OT: spammer's DNS

Next by Date: Re: [PLUG] OT: spammer's DNS

Previous by thread: Re: [PLUG] OT: spammer's DNS

Next by thread: Re: [PLUG] OT: spammer's DNS

Index(es):

Date

Thread