Posted on 01/10/2005 10:05:01 AM PST by ShadowAce
Although some ISPs and legislators are crediting the year-old CAN-SPAM Act and better technology for recent gains in the war on spam, many in the industry say the advances are forcing spammers to employ new tactics, which are destabilizing the Internet's crucial DNS.
One troublesome technique finding favor with spammers involves sending mass mailings in the middle of the night from a domain that has not yet been registered. After the mailings go out, the spammer registers the domain early the next morning.
By doing this, spammers hope to avoid stiff CAN-SPAM fines through minimal exposure and visibility with a given domain. The ruse, they hope, makes them more difficult to find and prosecute.
The scheme, however, has unintended consequences of its own. During the interval between mailing and registration, the SMTP servers on the recipients' networks attempt Domain Name System look-ups on the nonexistent domain, causing delays and timeouts on the DNS servers and backups in SMTP message queues.
"Anti-spam systems have become heavily dependent on DNS for looking at all kinds of blacklists, looking at headers, all of that," said Paul Judge, a well-known anti-spam expert and chief technology officer at CipherTrust Inc., a mail security vendor based in Atlanta. "I've seen systems that have to do as many as 30 DNS calls on each message. Even in large enterprises, it's becoming very common to see a large spam load cripple the DNS infrastructure."
The DNS handles address look-ups for all Web sites on the Internet, translating natural language names into IP addresses. But its first use was as a look-up service for mail records, and it continues to be used for the billions of e-mail messages traversing the Internet daily.
The CAN-SPAM Act, which went into effect at the beginning of last year, was designed to reduce spam by making it illegal to send messages with spoofed addresses. One spammer already has been sentenced to jail for violating the law, and America Online Inc. said recently that the threat of prosecution, along with better filtering, has helped reduce spam complaints by 75 percent.
In reality, experts say, spammers shut down DNS access to domains that they control after as few as 12 hours to prevent ISPs or law enforcement officials from tracking them down. This tactic also wreaks havoc with the DNS as mail servers trying to return undeliverable messages will continue to perform DNS queries on the defunct domain.
"We've had to reset our architecture to make nine DNS look-ups, which is an insane amount. And we've bought a bunch of workstations and small servers to use as redundant DNS servers because of the load," said Bill Franklin, president of Zero Spam Network Corp., an anti-spam hosting provider based in Coral Gables, Fla. "The DNS system is a good warning indicator."
More troubling than the DNS problems is that there is little ISPs and enterprises can do, other than buying more capacity and setting up redundant DNS servers.
"We have to figure out how to taper DNS services gracefully rather than having catastrophic failures," said Paul Mockapetris, the author of the first DNS implementation and chief scientist at Nominum Inc., based in Redwood City, Calif. "Mail look-up was the first application put on top of DNS after I designed it, and I was so excited to see that. And now, 20 years later, people are trying to figure out how to stop doing mail look-up on DNS. It's bizarre."
Spam Spam Spam Spam Spam Spam Ping
Seems like you could cache responses to DNS queries and use the cache if the last actual DNS query for the domain was less than x minutes old. That would cut down on the net traffic at least.
To effectively end spam, just make it legal to beat the living snot out of the spammers.
What needs to happen is the government needs to make it legal for individuals to track down and bash the heads in of the spammers. That'll put an end to it.
It sure would make for an interesting couple of weeks, huh?
Everybody still has to look it up at least once before they can cache it, though.
Better yet, the problem supplies its own solution. A DNS name that hasn't been registered, but receives thousands of queries, should be identified and permanently locked out. Permanently. In addition, a separate list should be made to shunt all further queries to electronic dead ends for all such conditions.
I don't even understand spamming now. There is no use in it from a marketing standpoint as it will just be mixed in with thousands of other spam that a user will mass delete if they are not armed with a spam filter.
I have yet to meet a person who looks at their inbox and says "Oh, look, free 'V iCo Den', sweet! [click]".
It's a waste of time for anyone to take part in spamming.
Well, logic dictates that you must be wrong i.e. that there must in fact be people who are buying this stuff, or else the spammers wouldn't waste their time, but I don't know.
Clearly it isn't...
The names have been changed to protect the innocent, lol.
Even if they get one purchase for each 10,000 emails, they still come out ahead. It costs nothing to send out the mails.
H E L P
within the past 20 minutes, every time I have clicked to get to FR or any site within FR, I have gotten the following message:
"POTENTIALLY FRAUDULENT WEB SITE ALERT.....(red circle with the X) then "do you want to visit this potentially dangerous site? The web address you requested is on the Earthlink Scamblocker list of potentially dangerous and fraudulent web sites. Visitors to the site may be at high risk for Identity theft or other financial losses ".. then the Y or N to proceed.
When I hesitated, I got a flashing notice from Earthlink. Can someone at FR get in touch with Earthlink and tell them to take the site off its Scamblocker list?
Thanks
LOL - I wonder sometimes. Hopefully it's just a case of new converts making the biggest zealots ;)
Very true, but the risks are far higher than they were 5, even 2 years ago. It's a game not worthy of playing for geeks looking for a fast buck.
Unless you default to automatically dropping everything your DNS machine can't resolve on its own, that doesn't fix the problem of hammering DNS boxes farther up the hierarchy.
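The caching idea raised earlier in the thread, and the caveat just above that every name still has to be looked up upstream at least once, as an added simulation that is not from the article or any poster. It models a mail-server-side resolver with and without negative caching of NXDOMAIN answers (RFC 2308); the domain names, TTLs and message burst are constructed, and nothing here contacts a real DNS server.

```python
from dataclasses import dataclass, field

# Constructed inbound burst: most messages claim a sender domain that does
# not exist yet (the "send tonight, register tomorrow" trick in the article).
MAIL_BURST = ["notyet-registered.example"] * 8 + ["example.com"] * 2

# Assumed upstream answers: (rtype, rdata, ttl). Anything absent is NXDOMAIN.
UPSTREAM = {"example.com": ("A", "192.0.2.25", 300)}
NXDOMAIN_TTL = 60  # negative TTL the upstream is assumed to return (SOA minimum)


@dataclass
class Resolver:
    """Caching resolver; storing NXDOMAIN answers is optional."""
    cache_negative: bool
    cache: dict = field(default_factory=dict)   # name -> (answer, expiry)
    upstream_queries: int = 0

    def lookup(self, name, now):
        entry = self.cache.get(name)
        if entry is not None and entry[1] > now:  # cached and not yet expired
            return entry[0]
        self.upstream_queries += 1                # cache miss: ask upstream
        if name in UPSTREAM:
            rtype, rdata, ttl = UPSTREAM[name]
            answer = (rtype, rdata)
        else:
            answer, ttl = None, NXDOMAIN_TTL      # NXDOMAIN
            if not self.cache_negative:
                return None                       # positive-only cache: not stored
        self.cache[name] = (answer, now + ttl)
        return answer


def upstream_load(cache_negative, burst=MAIL_BURST, start=0):
    """Count upstream queries caused by one message per second."""
    r = Resolver(cache_negative)
    for i, name in enumerate(burst):
        r.lookup(name, start + i)
    return r.upstream_queries


if __name__ == "__main__":
    print("positive-only cache:", upstream_load(False), "upstream queries")
    print("with negative cache:", upstream_load(True), "upstream queries")
```

Even with negative caching, the nonexistent domain is re-queried upstream once every TTL window, which is why the caveat about hammering upstream resolvers still holds for a large enough fleet of mail servers.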