Slashdot Mirror


Spammers Moving To Disposable Domains

Trailrunner7 writes "Spammers and the botnet operators they're allied with are continuing to adapt their techniques to evade security technologies, and now are using what amount to disposable domains for their activities. A new report shows that the spammers are buying dozens of domains at a time and moving from one to another as often as several times a day to prevent shutdowns. New research shows that the amount of time that a spammer uses a given domain is basically a day or less. The company looked at 60 days' worth of data from their customers and found that more than 70 percent of the domains used by spammers are active for a day or less."

9 of 147 comments

  1. Good, it's costing them money by Anonymous Coward · · Score: 2, Interesting

    Assuming they're not "tasting" it's going to cost them about $10 a pop.

    1. Re:Good, it's costing them money by socz · · Score: 3, Interesting

      You hit the nail on the head! Domains in bulk are a lot cheaper. I'm getting a decent deal with about 8-10 domains, but I know it could be better if I had more! So they're probably buying them up in 100s at a time (I would!).

      But, what I suspect could be happening, is that they're actually working with a top level registrar who can get them at the cheapest price possible and probably gets a % back of what the spammer makes. Just a thought.

      --
      My abilities are only limited by my imagination
  2. so a new rule for email filtering? by TravisHein · · Score: 4, Interesting

    In addition to the commonly accepted practice of doing a reverse domain name lookup on who is sending you email, whereby rejecting email from bogus domains or no domain, to now also have the mail server do a whois lookup, and arbitrarily reject email from a domain that was registered less than a few days ago?

    1. Re:so a new rule for email filtering? by fifedrum · · Score: 3, Interesting

      There are email reputation providers out there who can tell you things like that. It may even be free (it is for us anyway).

  3. Filtering out new domains? by HikingStick · · Score: 2, Interesting

    They obviously are making enough money to afford the registration fees. I wonder if there would be a way to greylist/blacklist new domains, though that simply might mean that spammers would sit on the domain for a period of weeks or months before using them. Still, would there be a way to flag young domains so that they end up with higher scores in various spam filters?

    --
    I use irony whenever I can, but my shirts are still wrinkled...
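
Added example, not part of the original thread: a sketch of the domain-age check raised in comments 2 and 3, written as a graduated spam-score contribution rather than a hard reject. The WHOIS field labels, the 3-point weight, the 30-day ramp and the sample records are all assumptions constructed for illustration; fetching the WHOIS text is left out.

```python
import re
from datetime import datetime, timezone

# Creation-date labels vary by registry; this short list is an assumption.
_CREATED = re.compile(r"^\s*(?:Creation Date|Created On|created):\s*(\S+)",
                      re.I | re.M)

def creation_date(whois_text):
    """Return the registration time found in raw WHOIS text, or None."""
    m = _CREATED.search(whois_text)
    if not m:
        return None
    raw = m.group(1).rstrip("Z")
    for fmt in ("%Y-%m-%dT%H:%M:%S", "%Y-%m-%d"):
        try:
            return datetime.strptime(raw, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    return None  # unrecognised date format

def age_score(whois_text, now, max_points=3.0, ramp_days=30):
    """Points to add to a message's spam score for the sender domain's age.

    A domain registered today gets max_points, decaying linearly to 0 at
    ramp_days. A missing, unparsable or future-dated record also gets
    max_points (an assumed policy for records that cannot be verified).
    """
    created = creation_date(whois_text)
    if created is None or created > now:
        return max_points
    age_days = (now - created).total_seconds() / 86400
    return round(max_points * max(0.0, 1 - age_days / ramp_days), 2)

# Constructed WHOIS excerpts (reserved example.* names, invented dates).
NOW = datetime(2010, 5, 20, tzinfo=timezone.utc)
FRESH = "Domain Name: EXAMPLE.COM\nCreation Date: 2010-05-20T00:00:00Z\n"
TWO_WEEKS = "Domain Name: EXAMPLE.NET\nCreation Date: 2010-05-05T00:00:00Z\n"
OLD = "domain: example.org\ncreated: 2003-01-15\n"
GONE = 'No match for domain "EXAMPLE.INFO".\n'

if __name__ == "__main__":
    for label, rec in [("fresh", FRESH), ("two weeks", TWO_WEEKS),
                       ("old", OLD), ("no record", GONE)]:
        print(label, age_score(rec, NOW))
```

A decaying score keeps a legitimately new domain deliverable when nothing else about the message looks bad, while a domain that was aged before use still has to get past the filter's other rules.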
  4. Validate domain ownership by Animats · · Score: 4, Interesting

    When you buy a domain, you should be mailed a letter with an activation code, sent to the registrant address. No valid mailing address, no domain activation.

  5. I don't understand spam folders by XanC · · Score: 3, Interesting

    This is why spam folders should be Considered Harmful. Effectively, it's a delivery failure without a notice. You should either accept mail or reject it, not pretend to accept it and then stash it someplace where nobody reads it.

    Using a spam folder treats outright, obvious spam with more courtesy than the borderline stuff.

  6. Re:One maybe bad aspect of IPv6? by shentino · · Score: 2, Interesting

    To make a TCP connection both ends have to have routable addresses.

    Sooner or later either they'll all have common subnets, or they'll cause a noticeable spike in routing traffic.

  7. The 'tasting' comments confirm, this is not new. by rickb928 · · Score: 2, Interesting

    I've been seeing this for at least five years. First, tasting was the preferred method. Now it seems some serious spammers have an 'in' with a registrar, where by the time I get to looking up the whois, the domain is gone and no longer registered. Not even the previous whois is available.

    I can't imagine that allowing someone to register a domain for a few days or even less, and then deleting all trace of the registration, is permitted by ICANN, but they haven't been able to police registrars very well at all for a decade now. Between the obvious front-running, search scanning, and tasting scams, most registrars are just plain shady. A pox on them all. It's gotten to the point that when someone asks me to look up a domain to see if it's available, I tell them to make the decision, and I will try to register it for them. For a while now, EVERY domain I've checked on was available when I looked it up, and minutes later it was gone.

    I'm not the dullest turnip to fall off the truck last night. Front-running is a scam. Disposable domains are not new. This article is at least 5-6 years late.

    --
    deleting the extra space after periods so i can stay relevant, yeah.