procmail

RE: Spammer-slammer algorithm

1997-10-23 15:57:42
On Wednesday, October 22, 1997 20:06, Andrew [SMTP:aos(_at_)insync(_dot_)net] 
wrote:
> The spammers can keep getting new domains, sure, but almost all
> the spam domains are served by a collection of what, maybe 20
> nameservers.  How about checking the NS record of the domains
> on any incoming mail?  If the NS record is one of the spammer
> nameservers, /dev/null it.

  The problem with your idea is that sleazy spammers will simply
forge domain names.  Just ask the innocent people at "flowers.com"
and "live.com", who got bombarded with hate mail and threatening
phone calls because spammers forged their domain names on spam.
This may sound like I'm pounding a drum, but I only trust the last
incoming IP address (and even then a hacker might possibly spoof
an IP address).
  However, combining your idea with my idea might be another leap
forward.  Are copies of the InterNIC database publicly available,
or can "whois" be queried to list all the IP address blocks served
by a nameserver?  If so, then we could compile a list of IP address
blocks serviced by those servers.  This would be much more
manageable as a list in the .procmailrc file.  One IP block can
contain dozens, even thousands of domain names.  And a list of IP
blocks would change much more slowly than a list of domain names.

 PS, could you please just reply to the list?  If you reply to me
and the list, I get two copies.

 Walter Dnes
 <waltdnes(_at_)interlog(_dot_)com>
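
Added example, not part of the original message: a Python version of the check discussed above, matching the IP address in the topmost Received header (the one written by the receiving mail server) against a list of IP blocks. The blocklist, sample messages and function names are constructed for illustration, and it assumes the local MTA records the connecting address in square brackets.

```python
import email
import ipaddress
import re

# Constructed blocklist using documentation ranges (RFC 5737), not real spam sources.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.64/26")]

# Assumption: the receiving MTA writes the connecting peer as "[a.b.c.d]".
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def last_hop_ip(raw_message):
    """Return the peer IP from the topmost Received header, or None."""
    received = email.message_from_string(raw_message).get_all("Received", [])
    if not received:
        return None
    # Headers are prepended, so index 0 is the one our own server added;
    # everything below it was already in the message and may be forged.
    match = BRACKETED_IP.search(received[0])
    if not match:
        return None
    try:
        return ipaddress.ip_address(match.group(1))
    except ValueError:  # e.g. an octet above 255
        return None

def is_blocked(raw_message):
    """True when the last incoming IP falls inside a listed block."""
    ip = last_hop_ip(raw_message)
    return ip is not None and any(ip in net for net in BLOCKED_NETS)

# Constructed samples. SPAM forges its From domain and a lower Received line.
SPAM = (
    "Received: from mail.flowers.example (unknown [192.0.2.45])\n"
    "\tby mx.local.example with SMTP; Thu, 23 Oct 1997 15:00:00 -0400\n"
    "Received: from relay.example ([203.0.113.9]) by mail.flowers.example\n"
    "From: offers@flowers.example\nSubject: constructed sample\n\nbody\n"
)
# HAM carries a listed address only in an older header, which is ignored.
HAM = (
    "Received: from mail.friend.example (mail.friend.example [203.0.113.9])\n"
    "\tby mx.local.example with SMTP; Thu, 23 Oct 1997 15:05:00 -0400\n"
    "Received: from dialup.example ([192.0.2.45]) by mail.friend.example\n"
    "From: pal@friend.example\nSubject: constructed sample\n\nbody\n"
)

if __name__ == "__main__":
    for name, msg in (("SPAM", SPAM), ("HAM", HAM)):
        print(name, last_hop_ip(msg), "blocked" if is_blocked(msg) else "accepted")
```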
