procmail

Re: Killing spam based on nameserver info

1997-09-12 22:05:53
At 11:32 PM 9/12/97 -0500, Conrad Sabatier wrote:

> Here's a novel and interesting idea I ran across recently.  I haven't yet
> gotten around to actually setting up a procmail recipe to test this method,
> but it does sound extremely clever!

[snip - DNS lookup for each email]

Uhm, generally neat idea, but you should realize a couple of things:

        * LOADS of these spams are coming in being injected from dialup accounts
on services like AOL and Compuserve.  The From address is often entirely
forged, if not most of the header.

        * Do you do this for the FROM/SENDER/REPLY-TO and anything you can parse
from an originating received-by line?  Often, these are each different -
and many are still invalid.

Instead, why not look to periodically update
cyberpromo/nancynet/quantumm/etc spamdomain lists?

With such a list of domains (mine is right around 1000 spam domains total),
you can simply egrep the message headers for occurrences of any of the
domains.  While not exceptionally fast (lots of matches to attempt), it
will be faster than attempting multiple DNS lookups (not to mention that
DNS occasionally fails).

I know that Spammy the Sperm blocks TCP access to his nameservers (meaning
NSLOOKUP no workee to retrieve a list of his served domains, while
individual UDP DNS lookups still work).  Doesn't affect the method you
outlined, but it does make refreshing a list difficult.

Does anyone know how to swing a lookup with InterNIC (or elsewhere) to
query for all records using a nameserver within a specific domain?  Anybody
have acquaintances at InterNIC who might export this info periodically for
the betterment of the net?

---
 Please DO NOT carbon me on list replies.  I'll get my copy from the list.

 Sean B. Straw / Professional Software Engineering
 Post Box 2395 / San Rafael, CA  94912-2395
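
The header check against a spam-domain list described in the message above, as an added example that is not part of the original post. Instead of a plain egrep substring match it pulls hostnames out of the headers and looks up each one and its parent domains exactly, so a listed `offers.example` does not fire on `bulk-offers.example`. The function names, the blocklist format and every domain and message below are assumptions constructed for the illustration.

```shell
#!/bin/sh
# Added example. Every domain and message here is constructed sample data.

# Header block of the message on stdin, folded continuation lines joined.
headers_of() {
    awk '
        /^$/     { exit }                    # blank line ends the headers
        /^[ \t]/ { buf = buf " " $0; next }  # folded line: append to header
                 { if (buf != "") print buf; buf = $0 }
        END      { if (buf != "") print buf }'
}

# Each hostname-like token in the headers plus its parent domains, lowercased:
# relay.a.example -> relay.a.example, a.example
candidate_domains() {
    headers_of | tr 'A-Z' 'a-z' |
    grep -Eo '[a-z0-9-]+(\.[a-z0-9-]+)+' |
    awk '{ d = $0
           while (index(d, ".")) { print d; sub(/^[^.]+\./, "", d) } }' |
    sort -u
}

# Print the blocklisted domains found in the headers of the message on stdin.
# $1 = blocklist file, one domain per line, "#" comments allowed.
# Exit status is 0 if any listed domain was found, 1 otherwise.
spam_domains_in() {
    candidate_domains | awk -v list="$1" '
        BEGIN { while ((getline line < list) > 0) {
                    sub(/#.*/, "", line); gsub(/[ \t\r]/, "", line)
                    if (line != "") bad[tolower(line)] = 1 } }
        ($0 in bad) { print; found = 1 }
        END { exit !found }'
}

# Constructed message: forged From, different Reply-To, folded Received line.
sample_message() {
    cat <<'EOF'
Received: from relay.bulk-offers.example (unknown [192.0.2.10])
    by mx.recipient.example; Fri, 12 Sep 1997 20:00:00 -0500
From: "Friend" <friend@forged-sender.example>
Reply-To: orders@MassMail.example
Subject: hello

Visit www.body-only.example today
EOF
}

# Constructed blocklist.
sample_blocklist() {
    printf '%s\n' '# spam domains' 'bulk-offers.example' 'massmail.example' \
        'offers.example' 'body-only.example'
}
```

Only the headers are examined, so the listed domain that appears solely in the sample body is not reported; the exit status of `spam_domains_in` can drive a filtering decision.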
