Eric on 1 Apr 2009 06:17:58 -0700


Re: [PLUG] OT: spammer's DNS

A similar effect happened to my email as well and I've wondered the same.

I theorize that the spammers grab a copy of the DNS records once (a 
year? a month?) and then resolve the addresses from this fixed cache.  
The reason for this might be that when you're sending a billion or so 
spam emails a day you can speed up the sending process and lower your 
visibility and network demands by not making DNS requests for each of 
those outgoing spams. 

Of course I'm not a networking expert so this is simply an uninformed 
opinion largely based on observation, logic, rumor, reading slashdot, 
and immoderate whiskey consumption ;-)


sean finney wrote:
> hiya,
> On Wed, Apr 01, 2009 at 08:40:16AM -0400, Art Alexion wrote:
>> Real mail stopped going to the old server in about 48 hours, but spam still 
>> goes there.  Can anyone help explain how the DNS servers that spammers use 
>> differ, and why this happens?
> spam servers (and infected zombies) are usually the least standards-compliant
> systems out there, so i wouldn't think about it too hard.  maybe they have a
> poor implementation of DNS caching, or maybe it's intentionally designed that
> way.  
> thankfully, such non-compliance is also what gave birth to greylisting
> and other effective anti-spam techniques :)
> 	sean
> ------------------------------------------------------------------------
> ___________________________________________________________________________
> Philadelphia Linux Users Group         --
> Announcements -
> General Discussion  --

#  Eric Lucas
#                "Oh, I have slipped the surly bond of earth
#                 And danced the skies on laughter-silvered wings...
#                                        -- John Gillespie Magee Jr
