Re: [Exim] Reading the nameserver info from remote host

Author: Pat Lashley
Date:  
To: exim-users
Subject: Re: [Exim] Reading the nameserver info from remote host
> ----- Original Message -----
> From: "Marc Perkel" <marc@???>
>
>> Just a thought in the never ending battle against spam.
>>
>> Would it be possible - or could it be added to exim - a way to look up
>> the nameservers of a given host? In other words - when a host connects
>> to deliver email - I want to know what name server has the authority
>> over the domain it is coming from - or perhaps claim to come from.
>>
>> If I am a spammer and I've registered domains - I have to point those
>> domains at my own name server which has a fixed IP address. Maybe there
>> is a clue there for identifying spam.


The problem with this is that spammers bounce their messages through
open relays; and increasingly through virus-infected Windows machines
on dial-up/cable/DSL connections. In those cases the nameserver(s)
will be those of the victims, not the perpetrators. And in many cases,
they will be the same nameservers that are used by the legitimate mail
servers for the victims' domains.

The spammer's registered domains will usually occur in an HTTP link
in the body of the message, where it is already available to the
spam filters. It might help the filters if they could know the NS
of domains appearing in the body; but extracting that info is beyond
the scope of the MTA. (Aside from MIME and HTML parsing, you'd need
to handle all of the obfuscation techniques used by the spammers.
Some spam filters do some or all of that already; so they are probably
the right place to add a DNS NS lookup.)



-Pat
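
The filter-side step described in the message above (MIME decoding, HTML parsing, then an NS lookup for each domain linked in the body), as an added example that is not part of the original message or of Exim. `ns_lookup` is a hypothetical callable standing in for a real resolver, the sample message and nameserver names are constructed, and none of the obfuscation handling the message mentions is attempted.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):  # gathers href/src attribute values
    def __init__(self):
        super().__init__()
        self.urls = []
    def handle_starttag(self, tag, attrs):
        self.urls += [v for k, v in attrs if k in ("href", "src") and v]

def _host(url):
    try:
        return urlsplit(url.strip()).hostname  # lower-cased by urlsplit
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return None

def body_link_hosts(raw_message):
    """Hostnames linked from text parts, after MIME transfer decoding."""
    urls = []
    for part in message_from_bytes(raw_message, policy=policy.default).walk():
        if part.get_content_type() == "text/html":
            collector = LinkCollector()  # fresh parser state for every part
            collector.feed(part.get_content())
            urls += collector.urls
        elif part.get_content_type() == "text/plain":
            urls += re.findall(r"https?://[^\s<>\"']+", part.get_content(), re.I)
    return {h.rstrip(".") for h in map(_host, urls) if h}

def nameservers_for(host, ns_lookup):
    """Walk up the labels until ns_lookup answers; stop before the bare TLD."""
    labels = host.split(".")
    for i in range(len(labels) - 1):
        if ns := ns_lookup(".".join(labels[i:])):
            return {n.lower().rstrip(".") for n in ns}
    return set()

def flag_links(raw_message, ns_lookup, listed_ns):
    """Map each linked host to the locally listed nameservers serving it."""
    found = {h: nameservers_for(h, ns_lookup) & listed_ns for h in body_link_hosts(raw_message)}
    return {h: sorted(ns) for h, ns in found.items() if ns}

# Constructed sample message and NS data (hypothetical names, no real resolver).
_msg = EmailMessage()
_msg.set_content("See http://shop.pills.example/x or http://cdn.ok.example/a")
_msg.add_alternative('<a href="HTTP://WWW.Pills.Example./buy">buy</a>', subtype="html", cte="base64")
SAMPLE = _msg.as_bytes()
FAKE_NS = {"pills.example": ["NS1.SpamDNS.example."], "ok.example": ["ns.hosting.example"]}
```

Calling `flag_links(SAMPLE, FAKE_NS.get, {"ns1.spamdns.example"})` flags both hosts under `pills.example` and leaves `cdn.ok.example` alone.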