Spammers' New Tactic Upends DNS

Yahoo! News ^ | 9 January 2005 | Dennis Fisher

[ShadowAce]

Spam Spam Spam Spam Spam Spam Ping

[John Jorsett]

Seems like you could cache responses to DNS queries and use the cache if the last actual DNS query for the domain was less than x minutes old. That would cut down on the net traffic at least.

[Wheee The People]

To effectively end spam, just make it legal to beat the living snot out of the spammers.

[KoRn]

Every company should host their own DNS servers anyway. Not clearly stated by the article, is that an email firewall will do reverse DNS lookups on incoming messages to verify they are coming from where they claim they are in the message header.

If the reverse lookup goes unresolved the message is rejected. I've seen spammers change their domains as much as 4 times per day attempting to prevent being blacklisted by our firewall/filter.

Our company gets about 5,000 emails per day and about 2,700 of them are dropped because they are either spam or contain viri. I sometimes run a tail -f on the maillog file to watch them die in real time lol.

[Rodney King]

What needs to happen is the government needs to make it legal for individuals to track down and bash the heads in of the spammers. That'll put an end to it.

[ShadowAce]

It sure would make for an interesting couple of weeks, huh?

[general_re]

Everybody still has to look it up at least once before they can cache it, though.

[Publius6961]

Seems like you could cache responses to DNS queries and use the cache if the last actual DNS query for the domain was less than x minutes old. That would cut down on the net traffic at least.

Better yet, the problem supplies its own solution. A DNS that hasn't been registered, but receives thousands of queries, should be identified and permanently locked out. Permanently. In addition, a separate list should be made to shunt all further queries to an electronic dead ends for all such conditions.

[smith288]

I dont even understand spamming now. THere is no use in it from a marketing standpoint as it will just be mixed in with thousands of other spam that a user will mass delete if they are not armed with a spam filter.

I have yet to meet a person who looks at their inbox and says "Oh, look, free 'V iCo Den', sweet! [click]".

Its a waste of time for anyone to take part in spamming.

[Rodney King]

I dont even understand spamming now. THere is no use in it from a marketing standpoint as it will just be mixed in with thousands of other spam that a user will mass delete if they are not armed with a spam filter. I have yet to meet a person who looks at their inbox and says "Oh, look, free 'V iCo Den', sweet! [click]". Its a waste of time for anyone to take part in spamming.

Well, logic dictates that you must be wrong i.e. that there must in fact be people who are buying this stuff, or else the spammers wouldn't waste their time, but I don't know.

[Wheee The People]

Its a waste of time for anyone to take part in spamming.

Clearly it isn't...

[Just another Joe]

RE: Tagline

The names have been changed to protect the innocent, lol.

[ghitma]

Tax all spam and advertisements.

[killjoy]

I have yet to meet a person who looks at their inbox and says "Oh, look, free 'V iCo Den', sweet! [click]". Its a waste of time for anyone to take part in spamming.

Even if they get one purchase for each 10,000 emails, they still come out ahead. It costs nothing to send out the mails.

[EDINVA]

H E L P

within the past 20 minutes, every time I have clicked to get to FR or any site within FR, I have gotten the following message:

"POTENTIALLY FRAUDULENT WEB SITE ALERT.....(red circle with the X) then "do you want to visit this potentially dangerous site? The web address you requested is on the Earthlink Scamblocker list of potentially dangerous and fraudulent web sites. Visitors to the site may be at high risk for Identity theft or other financial losses ".. then the Y or N to proceed.

When I hesitated, I got a flashing notice from Earthlink. Can someone at FR get in touch with Earthlink and tell them to take the site off its Scamblocker list?

Thanks

[general_re]

LOL - I wonder sometimes. Hopefully it's just a case of new converts making the biggest zealots ;)

[smith288]

Even if they get one purchase for each 10,000 emails, they still come out ahead. It costs nothing to send out the mails.

Very true, but the risks are far higher than they were 5, even 2 years ago. Its a game not worthy of playing for geeks looking for a fast buck.

[general_re]

Not clearly stated by the article, is that an email firewall will do reverse DNS lookups on incoming messages to verify they are coming from where they claim they are in the message header.

Unless you default to automatically dropping everything your DNS machine can't resolve on its own, that doesn't fix the problem of hammering DNS boxes farther up the heirarchy.

[taxcontrol]

It is these reverse lookups that are overloading the ISPs. I properly constructed business would, like you said, have their own DNS server to do a local lookup against.

However, what about the ISP's email servers? Add to that the load from business that are too small to have their own mail servers or DNS servers and you can see that there can be a significant load on the DNS servers.

Ideally, you would have an email filtering bastion host (email relay server) that would locally store the current DNS table. That way it could locally check the emails for a valid dns name prior to passing on to the internal email server. It could also do the scanning for viruses as well as blacklisted domains, pre and post tagging, etc.