Spammers Upend DNS
Saint Aardvark writes "eWeek reports on the latest trick of spammers: getting around DNS-based lookups. By registering a domain *after* the spam goes out advertising it, they can get around blacklists. However, that causes all sorts of problems for ISPs and anti-spam services. Paul Judge, CTO at Ciphertrust, says "Even in large enterprises, it's becoming very common to see a large spam load cripple the DNS infrastructure.""
Email authentication, or the wholesale abandonment of email as a viable communication platform?
When a DNS query goes to an ISP's DNS server, and the entry does not exist, does it go to the root servers?
Secondly, do invalid domain names get cached (I'm thinking not)?
I don't get it.
So I send out a million spams, all saying "go to www.stratjaktsmadeupdomainname.com for hot viagra and lower mortgage payments."
The domain doesn't exist, and people click on it, which "cripples" dns because the dns servers have to respond with a "no such domain name" reply?
How does this cripple them? Was DNS not designed to handle fat-fingered domains gracefully?
What happens, do all the requests for my domain get propagated up the chain, is that the crux of the problem? If so, doesn't DNS update like, quite often (several times a day) now? There's no need to kick all requests up to the top, right?
I don't need no instructions to know how to rock!!!!
The problem with DNS is that it is very slow, and does a lot of things that make lookups too slow and unreliable.
Looking up www.name.com should take no more than three DNS lookups with an empty cache (To root: "com" DNS server has IP 10.1.2.3; to 10.1.2.3: "name.com" has DNS server with IP 10.2.3.4; to 10.2.3.4: "www.name.com" has IP 10.3.4.5). However, because of DNS' poor design, it doesn't work that way; it can take dozens of DNS lookups from an empty cache to get "www.name.com".
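The question earlier in the thread about what happens when a name does not exist, and the three-lookup walk from the root to www.name.com described in the post above, can both be traced with a small simulation. This is an added example, not code from the article or from any poster: the zone data is a constructed in-memory stand-in for the root, .com and name.com servers (reusing the 10.x addresses from the post), the TTLs are assumed values, and negative caching follows the RFC 2308 rule of remembering an NXDOMAIN answer for the zone's SOA minimum TTL.

```python
"""Simulated iterative DNS resolution with positive and negative caching.

Constructed example: ZONES is an in-memory stand-in for the root, .com and
name.com servers, so nothing here touches the network.
"""
from dataclasses import dataclass, field

ROOT = "root"

# Constructed zone data: which server answers, and what it knows.
# ("NS", ip) is a referral to the server at ip; ("A", ip) is a final answer.
# neg_ttl stands in for the SOA minimum TTL used to cache NXDOMAIN answers.
ZONES = {
    ROOT: {"records": {"com": ("NS", "10.1.2.3")}, "neg_ttl": 86400},
    "10.1.2.3": {"records": {"name.com": ("NS", "10.2.3.4")}, "neg_ttl": 86400},
    "10.2.3.4": {"records": {"www.name.com": ("A", "10.3.4.5")}, "neg_ttl": 3600},
}
POS_TTL = 3600  # assumed TTL for referrals and A records in this simulation


def suffixes(name):
    """Yield 'www.name.com', 'name.com', 'com' for 'www.name.com'."""
    labels = name.split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


@dataclass
class Resolver:
    now: int = 0                                # simulated clock, seconds
    cache: dict = field(default_factory=dict)   # name -> (rtype, value, expiry)
    ncache: dict = field(default_factory=dict)  # name -> expiry of its NXDOMAIN
    queries: int = 0                            # upstream queries actually sent

    def _cached(self, name):
        rec = self.cache.get(name)
        return rec if rec and rec[2] > self.now else None

    def resolve(self, name):
        """Return the A record for name, or None when the name does not exist."""
        name = name.lower().rstrip(".")
        rec = self._cached(name)
        if rec and rec[0] == "A":
            return rec[1]                        # positive cache hit, no query sent
        if self.ncache.get(name, -1) > self.now:
            return None                          # negative cache hit, no query sent
        # Start at the deepest referral already cached, otherwise at the root.
        server = ROOT
        for sfx in suffixes(name):
            rec = self._cached(sfx)
            if rec and rec[0] == "NS":
                server = rec[1]
                break
        while True:
            self.queries += 1
            zone = ZONES[server]
            hit = next((s for s in suffixes(name) if s in zone["records"]), None)
            if hit is None:
                # Authoritative "no such domain": remember it for the zone's negative TTL.
                self.ncache[name] = self.now + zone["neg_ttl"]
                return None
            rtype, value = zone["records"][hit]
            self.cache[hit] = (rtype, value, self.now + POS_TTL)
            if rtype == "A" and hit == name:
                return value
            if rtype == "NS":
                server = value                   # follow the referral one level down
            else:
                # An A record for a shorter suffix only: the full name does not exist.
                self.ncache[name] = self.now + zone["neg_ttl"]
                return None


def demo():
    """Walk the thread's scenarios; returns (answer, q1, q2, q3, q4) query counts."""
    r = Resolver()
    answer = r.resolve("www.name.com")   # empty cache: root -> .com -> name.com = 3 queries
    q1 = r.queries
    r.resolve("www.bogus.com")           # .com referral cached: 1 query, answered NXDOMAIN
    q2 = r.queries - q1
    r.resolve("www.bogus.com")           # negative cache hit: 0 queries
    q3 = r.queries - q1 - q2
    r.now = 86401                        # every cached entry has expired by now
    r.resolve("www.bogus.com")           # back to the root: root -> .com = 2 queries
    q4 = r.queries - q1 - q2 - q3
    return answer, q1, q2, q3, q4
```

Running demo() shows the mechanism the thread is arguing about: the first lookup costs three upstream queries, a later lookup for a non-existent .com name starts at the cached .com referral and costs one query, and the resolver then remembers the NXDOMAIN so repeats cost nothing until the negative TTL expires. Only names the resolver has not seen, or whose negative entry has expired, travel upstream, so the load a spam run puts on the TLD servers depends on how many distinct resolvers see it and on the negative TTL the zone publishes.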
Some anti-spam group should set up a spam filter that looks for domain names, and registers any that it sees that aren't valid. They would point to a web site that politely explains to users how stupid they are for clicking on a link in spam.
I expect spammers would drop that technique quite quickly if that were done.
Yup. If it shouldn't come in, and it can't be returned, drop it on the floor.
So oftentimes my (l)users ask me why they received an email saying their computer is infected with a virus (bogus bounces due to virii changing their source addresses).
My servers drop anything that doesn't seem right: virus infections, RBL tagged connections, obviously forged senders, etc. When a message gets delivered to the bit bucket, no more processing, no more network traffic, no more (l)user complaints.
And I never get a complaint.
What's that smell? Ah, that's my karma burning...
Either the journalist drastically misunderstood and misinterpreted what they were told, or one of the people interviewed is launching some magic snake-oil product that'll "solve" this non-existent problem. (Yes, I know exactly what spammers do. That's my job. I know exactly what DNS does, that was my previous job. This article is fiction.)
Overall I agree with this, but my concern is that if you parse the message and find invalid URLs then a valid message will be dropped because of a malformed text string. While I suppose that's better than letting more spam through, I would be uneasy about the increase in false positives.
-nB
whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
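The filter idea raised earlier in the thread (look for the domain names spam advertises and check whether they are valid) and the false-positive worry in the post above meet in the extraction step: the filter has to decide which tokens are hostnames at all before it asks whether they resolve. The following is an added example, not code from the article or from any poster. The resolver is replaced by a constructed set of names that resolve, the TLD allowlist is constructed, and the registrable name is assumed to be the last two labels (no public-suffix handling), so the block runs offline.

```python
"""Separate 'dead domain' evidence in a message body from harmless look-alikes.

Constructed example: RESOLVES stands in for real lookups, KNOWN_TLDS is a
tiny allowlist, and registrable() assumes two-label registrable names.
"""
import re

# Constructed stand-in for "does this name resolve?": names in this set resolve.
RESOLVES = {"example.com", "name.com"}

# Constructed TLD allowlist; a real filter would load the IANA TLD list.
KNOWN_TLDS = {"com", "net", "org"}

# Syntactically plausible hostname: dotted labels with an alphabetic final label.
HOST_RE = re.compile(
    r"\b((?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,})\b", re.I
)


def extract_hostnames(text):
    """Return lowercased, de-duplicated hostname candidates in order of appearance."""
    seen, out = set(), []
    for m in HOST_RE.finditer(text):
        host = m.group(1).lower()
        if host not in seen:
            seen.add(host)
            out.append(host)
    return out


def registrable(host):
    """Assume the registrable name is the last two labels (a simplification)."""
    return ".".join(host.split(".")[-2:])


def classify(text, resolves=RESOLVES, tlds=KNOWN_TLDS):
    """Sort hostname candidates into live, dead and ignored.

    Only a well-formed name under a known TLD whose registrable part does not
    resolve counts as 'dead'; file names, version strings and typos are ignored,
    so a malformed token can never by itself condemn a legitimate message.
    """
    result = {"live": [], "dead": [], "ignored": []}
    for host in extract_hostnames(text):
        if host.split(".")[-1] not in tlds:
            result["ignored"].append(host)      # looks dotted, but is not a domain we judge
            continue
        reg = registrable(host)
        bucket = "live" if reg in resolves else "dead"
        if reg not in result[bucket]:
            result[bucket].append(reg)
    return result


# Constructed message body mixing an advertised dead domain with innocent tokens.
SAMPLE = (
    "Visit www.MadeUpDomain.com today! Details at http://www.example.com/offer, "
    "see report.txt, e.g. version 1.2.3 or ask sales@example.com."
)

if __name__ == "__main__":
    print(classify(SAMPLE))
```

On the constructed sample only madeupdomain.com lands in dead, example.com is live, and report.txt is ignored rather than counted as an invalid domain; 1.2.3 and e.g. never match the hostname pattern at all. Whether a message with a dead domain is then dropped or merely scored is a policy choice; the point here is that the decision is made on names that could have been registered, not on arbitrary dotted strings.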
Standard IANAL disclaimer, but:
Couldn't the spammers be sued for causing what amounts to a DoS attack on the recipient mailserver?
Also, if sexual predators and hackers can be barred from going online, and if corrupt executives can be barred from acting as corporate directors, why can't judges ban unrepentant spammers from going online, or carrying on an internet related business? (And extradited if they subsequently set up shop offshore)
My rights don't need management.