Re: Spammer-slammer algorithm

1997-10-22 22:10:31
At 07:05 PM 10/22/97 -0500, Andrew wrote:

> Here's an idea I came up with today:
>
> The spammers can keep getting new domains, sure, but almost all the spam
> domains are served by a collection of what, maybe 20 nameservers.  How
> about checking the NS record of the domains on any incoming mail?  If the
> NS record is one of the spammer nameservers, /dev/null it.

Definitely more than 20 nameservers.  Then there are the rogues - ISPs that
service a lot of respectable customers, but also serve spam domains - you
run the risk of trashing all the respectable mail if you do this without
caution.

I'm currently using a process of grepping the root files from the InterNIC
(which recently became non-public - I have a NIC account though).  Take a
known spam host (such as cyberpromo.com) and grep the root file.  All
domains being served directly by it will show up.

I haven't polished the process, and it certainly isn't an automated process
conducted on incoming mail (the .COM + .NET + .ORG is about 196MB
currently, not something you want to be grepping whenever you get mail).

In effect, the above concept would automagically maintain a list of spam
domains.

I would be very interested in seeing someone develop a "whois-on-demand"
with cache - mail matching one domain list would be passed through, mail
matching another would be rejected, and everything else would be whois'd
and if invalid or hosted by a domain in the reject file, the domain would
be added to the reject list, and the message rejected.  Otherwise, it'd be
passed through.  If you get it and it is spam, at your option you could
forward the message to yourself (say, at a plussed address, or with a
subject keyword), and a different recipe would take it and add the
domain/address to the reject file.

I have a simple recipe which allows me to send an address to procmail for
killfiling, something similar can be used for submitting parent domains for
domain killing.  This uses plussed addresses (when in fact, mine doesn't),
so you should check that your mail supports this useful feature:

# Twit Database: one address per line, appended to by the recipe below.
TWITLIST=$PMDIR/twits.dat

# Submission Address (I can send a message here to include someone).
# Subject field is address.
# ^TO is procmail's macro for the recipient header fields (^TO_ in newer
# versions); the "+" in the plussed address must be escaped in the regexp.
# The lockfile on the recipe line keeps two submissions from interleaving
# their appends to the database.
:0: $TWITLIST$LOCKEXT
* ^TOYourUID\+TwitSubmit@maildomain
| FROM=`formail -xSubject:` ;\
  echo $FROM >> $TWITLIST

---
 Please DO NOT carbon me on list replies.  I'll get my copy from the list.

 Sean B. Straw / Professional Software Engineering
 Post Box 2395 / San Rafael, CA  94912-2395

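The "whois-on-demand with cache" flow described in the message above (pass list, reject list, cached verdicts, and only then a lookup whose result is learned into the reject list), written out as an added shell example that is not from the original post. The file names and the `lookup_ns` stub are assumptions: the stub returns constructed answers so the script runs offline, and a live deployment would replace it with a real NS or whois query.

```shell
#!/bin/sh
# Added example, not from the original post: pass list -> reject list ->
# cache -> lookup. File names and the lookup_ns stub are assumptions;
# replace lookup_ns with a real query (e.g. dig +short NS "$1") for live mail.
WORK=$(mktemp -d)
PASSLIST=$WORK/pass.lst      # domains always accepted
REJECTLIST=$WORK/reject.lst  # domains always rejected; grows as spam is learned
BADNS=$WORK/badns.lst        # nameservers known to serve spam domains
CACHE=$WORK/cache.lst        # "domain verdict" lines: never look a domain up twice

# Constructed sample data for the demo.
printf 'example.org\n' > "$PASSLIST"
printf 'cyberpromo.com\n' > "$REJECTLIST"
printf 'ns1.spamhost.example\nns2.spamhost.example\n' > "$BADNS"
: > "$CACHE"; : > "$WORK/lookups"   # lookups: one line per real lookup made

# Stand-in for the NS lookup so the example runs offline (constructed answers).
lookup_ns() {
    echo "$1" >> "$WORK/lookups"
    case "$1" in
        newspam.example) printf 'ns1.spamhost.example\nns2.spamhost.example\n' ;;
        honest.example)  printf 'ns.honest-isp.example\n' ;;
        *)               return 1 ;;   # no answer: treat the domain as invalid
    esac
}

# Pull the domain out of a From:/Return-Path: header value, lowercased.
sender_domain() {
    printf '%s\n' "$1" | sed -n 's/.*@\([^> ]*\).*/\1/p' | tr '[:upper:]' '[:lower:]'
}

# classify DOMAIN: prints "pass" or "reject" and learns new rejects.
classify() {
    d=$1
    grep -qxF "$d" "$PASSLIST"   && { echo pass;   return; }
    grep -qxF "$d" "$REJECTLIST" && { echo reject; return; }
    v=$(awk -v d="$d" '$1 == d { print $2; exit }' "$CACHE")
    [ -n "$v" ] && { echo "$v"; return; }
    # Unknown domain: look it up. Invalid, or served by a bad nameserver -> reject.
    if ns=$(lookup_ns "$d") && ! printf '%s\n' "$ns" | grep -qxFf "$BADNS"; then
        v=pass
    else
        v=reject
        echo "$d" >> "$REJECTLIST"   # learned: rejected next time without a lookup
    fi
    echo "$d $v" >> "$CACHE"
    echo "$v"
}

lookups() { wc -l < "$WORK/lookups" | tr -d ' '; }
```

Wired into procmail, a recipe would extract the sender address with formail much as the twit recipe does, feed `sender_domain` output to `classify`, and deliver to /dev/null when it prints reject.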