North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: [eweek article] Window of "anonymity" when domain exists, whoisnot updated yet
On Tue, 11 Jan 2005, Suresh Ramasubramanian wrote: > and it is being abused - well, nanog found out about this a while > back, but the popular press (read - eweek magazine) seems to have > discovered it now, or at least think they've discovered it .. their > idea of the situation is a bit skewed. > ... > http://www.eweek.com/article2/0,1759,1749328,00.asp "One troublesome technique finding favor with spammers involves sending mass mailings in the middle of the night from a domain that has not yet been registered. After the mailings go out, the spammer registers the domain early the next morning." Well, spammers do sometimes register domains after mass mailing has already started. Its partial result of that spammer enterprises are no longer centralized and so one company that actually hosts websites that are being promoted is not necessarily same company that is doing mass mailing. Sometimes the order-taker spammer tells the mass-mailing spammer new domain to use for the spam compaign before domain is even registered - and while they expect to register it at the time mailing gets started their synronization may not be precize and in any case they actually prefer the first few people who receive such emails to not be able to get to the website (no whois and no dns - no chance to report it to hosting and quickly shut it down). But as article specifically mentions sending during the night and registration next morning that does seem to indicate eweek found out about "no whois" but with already registered domain, i.e. see > http://www.mail-archive.com/[email protected]/msg28312.html > > > Read NANOG archives - Verisign now allows immediate (well, within about 10 > > minutes) updates of .com/.net zones (also same for .biz) while whois data is > > still updated once or twice a day. That means if spammer registers new domain > > he'll be able to use it immediatly and it'll not yet show up in whois (and so > > not be immediatly identifiable to spam reporting tools) - and spammers are in > > fact using this "feature" more and more! -- William Leibzon Elan Networks [email protected]
|