In <20040311024123(_dot_)GA31369(_at_)dumbo(_dot_)pobox(_dot_)com> Meng Weng
Wong <mengwong(_at_)dumbo(_dot_)pobox(_dot_)com> writes:
> I'm not sure that blocking DNS servers will be useful as a long-term
> strategy, because zombie machines can start running DNS servers
> themselves, and then we'll have Yet Another MTAMark Proposal but aimed
> at port 53 instead of port 25..

Updating name servers requires you to go through your registrar and
have them propagate through the TLD servers. This is *much* slower
than switching A records or switching domain names during a spam run.
Creating a completely new nameserver is even slower and I think that
if spammers start to try to flood the root servers with lots of new
name servers, there will quickly be even more restrictions put in place.

Anti-spammers are currently using common name servers, and it is a
useful technique. I think it will remain useful in the long-term.

> Blocking based on registrar might make more sense, but that opens the
> door again to the mismatch between principal and provider which bedevils
> the DNSBL field. When spammers hide behind forgery, a reputation that
> properly belongs to the principal instead attaches to the provider.
> Domain-based authentication is a way to pierce that veil.

There are clearly some registrars that take a very anti-spam stance
(GoDaddy being the most notable). While I agree that there are
problems similar to many DNSBLs, it is worth noting that DNSBLs put a
lot of pressure on ISPs to keep things clean. As a result, even
though I don't use SPEWS in any way, I benefit from the existence of
SPEWS. I think it is safe to say that there will be sufficient
numbers of mail admins that will use the registrar information to
judge whether to accept email that many registrars will try to keep
clean.

> Greylisting, etc may be a valid way to impose a cost on spammers
> churning through new domains.

Agreed.

-wayne