You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Chris Santerre <cs...@MerchantsOverseas.com> on 2005/04/22 16:44:00 UTC
RE: [SURBL-Discuss] RE: Research wanted: age of spam gang URI dom
ains
Agreed John. What I saw was patterns, and the dates of the domains involved
in the patterns corelated. It wasn't anything worth tagging off of, but an
interesting bit of data none the less.
When you get what appears to be 3 different spammers, with spam runs within
days of each other, all using domains that have connections in their
data...it gets the mind a wondering :)
--Chris
>-----Original Message-----
>From: John_Delisle@ceridian.ca [mailto:John_Delisle@ceridian.ca]
>Sent: Friday, April 22, 2005 10:27 AM
>To: SURBL Discussion list
>Cc: discuss-bounces@lists.surbl.org; SURBL Discuss; SpamAssassin Users
>Subject: Re: [SURBL-Discuss] RE: Research wanted: age of spam gang URI
>domains
>
>
>Even if data re average age of the domains, wouldn't they just start
>registering them earlier so as to not match that pattern?
>
>John Delisle, CISA
>Senior Network Analyst, Network and Security Team
>Information Systems & Technology Management Dept.
>Ceridian Canada Ltd
>600 - 125 Garry St
>Winnipeg, MB
>R3C 3P2
>204-975-5909
>
>
>
>
>Chris Santerre <cs...@MerchantsOverseas.com>
>Sent by: discuss-bounces@lists.surbl.org
>04/22/2005 08:05 AM
>Please respond to
>SURBL Discussion list <di...@lists.surbl.org>
>
>
>To
>"'Jeff Chan'" <je...@surbl.org>, SURBL Discuss
><di...@lists.surbl.org>,
>SpamAssassin Users <us...@spamassassin.apache.org>
>cc
>
>Subject
>[SURBL-Discuss] RE: Research wanted: age of spam gang URI domains
>
>
>
>
>
>
>
>
>>-----Original Message-----
>>From: Jeff Chan [mailto:jeffc@surbl.org]
>>Sent: Thursday, April 21, 2005 7:46 PM
>>To: SURBL Discuss; SpamAssassin Users
>>Subject: Research wanted: age of spam gang URI domains
>>
>>
>>Does anyone have research or references for the age profiles of
>>domains appearing in the URIs of spam gang (i.e. Ralsky, Lindsay,
>>Richter, etc.) spams? In other words, how old are the domains of
>>sites being spamvertised *by spam gangs*? (By age I mean how
>>long ago they were (most recently) created.)
>>
>>Jeff C.
>
>Off the top of my nogging, I've seen the major guys be about
>1-3 days from
>registering.
>
>However......
>
>I also saw a pattern a few spammers using ones registered 3
>months prior.
>This is when I began to theorise that there was possibly a spam domain
>service. Someone simply registering domain names full time,
>then selling
>them out to other spammers. I started researching the idea,
>then got busy
>on
>other stuff.
>
>When things settle I'll try to pick back up on the research.
>Sorry I don't
>have any hard data for you.
>
>--Chris
>_______________________________________________
>Discuss mailing list
>Discuss@lists.surbl.org
>http://lists.surbl.org/mailman/listinfo/discuss
>
>
>_______________________________________________
>Discuss mailing list
>Discuss@lists.surbl.org
>http://lists.surbl.org/mailman/listinfo/discuss
>