Re: [exim] An interesting observation about spam zombies

Top Page

Reply to this message
Author: Richard Pitt
Date:  
To: Marc Perkel
CC: exim-users
Subject: Re: [exim] An interesting observation about spam zombies
Hmmm... over the years I've run into many instances where short TTLs
(and in fact any TTL in some cases) have been ignored by some (many) of
the big ISPs - again, sometimes for a month or more (AOL for example)
These instances were for A records mostly as things like web sites and
ftp sites were moved - but I expect MX records probably get tarred with
the same brush.

Now I'm not saying that this isn't an interesting tidbit - but it might
cause some problems with the big guys (and some little ones who have
misconfigured DNS caches) but "them's the breaks" ;)

richard

On Wed, 2007-08-29 at 10:23 -0700, Marc Perkel wrote:
> As some of you know I get rid of a lot of spam using fake high numbered
> MX records. I'm now doing some interesting experiments. Even though my
> TTL is only 2 hours I notice that if I change my fake high MX to
> different fake high MX that the spam zombies still send email to the old
> fake MX records for many days, sometimes weeks.
>
> My theort is that spam zombies do DNS caching so as to maximize spam
> output by eliminating dns lookups. Thus zombies retain old information
> far longer than they are supposed to.
>
> So I'm experimenting with a blaclisting trick where I change my fake
> high MX records, wait several hours, and then anything that hits the old
> fake MX records are spam zombies.
>
> Thoughts?
>
>

-- 
-
Richard C. Pitt                 Pacific Data Capture
rcpitt@???               604-644-9265
http://richard.pacdat.net       www.pacdat.net
PGP Fingerprint: FCEF 167D 151B 64C4 3333  57F0 4F18 AF98 9F59 DD73