You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Michael Monnerie <mi...@it-management.at> on 2006/06/12 08:53:39 UTC
New spam type - sender domain quickly deleted
Dear list,
yesterday I've got some new kind of spam:
X-Envelope-From: ahlers@abruxateatro.com
Received: from abruxateatro.com (unknown [210.245.161.31])
by power2u.goelsen.net (Postfix) with SMTP id ____________
for <_____________>; Sun, 11 Jun 2006 18:25:57 +0200 (CEST)
X-Envelope-From: ahlers@acidstufftv.com
Received: from acidstufftv.com (unknown [210.245.161.31])
by power2u.goelsen.net (Postfix) with SMTP id ____________
for <_____________>; Sun, 11 Jun 2006 18:25:58 +0200 (CEST)
These domains don't exist now, but obviously did yesterday. Did anybody
else see such SPAM? How can I check if a domain ever existed?
Is anybody working on a check for new domains, so that you could say "if
a domain is newer than 2 days, temporary reject"?
mfg zmi
--
// Michael Monnerie, Ing.BSc ----- http://it-management.at
// Tel: 0660/4156531 .network.your.ideas.
// PGP Key: "lynx -source http://zmi.at/zmi3.asc | gpg --import"
// Fingerprint: 44A3 C1EC B71E C71A B4C2 9AA6 C818 847C 55CB A4EE
// Keyserver: www.keyserver.net Key-ID: 0x55CBA4EE
Re: New spam type - sender domain quickly deleted
Posted by Michael Monnerie <mi...@it-management.at>.
On Montag, 12. Juni 2006 10:03 Jamie L. Penman-Smithson wrote:
> On 12 Jun 2006, at 07:53, Michael Monnerie wrote:
> > yesterday I've got some new kind of spam:
> >
> > X-Envelope-From: ahlers@abruxateatro.com
> > Received: from abruxateatro.com (unknown [210.245.161.31])
> > by power2u.goelsen.net (Postfix) with SMTP id ____________
> > for <_____________>; Sun, 11 Jun 2006 18:25:57 +0200 (CEST)
> >
> > X-Envelope-From: ahlers@acidstufftv.com
> > Received: from acidstufftv.com (unknown [210.245.161.31])
> > by power2u.goelsen.net (Postfix) with SMTP id ____________
> > for <_____________>; Sun, 11 Jun 2006 18:25:58 +0200 (CEST)
> >
> > These domains don't exist now, but obviously did yesterday. Did
> > anybody
> > else see such SPAM? How can I check if a domain ever existed?
> > Is anybody working on a check for new domains, so that you could
> > say "if
> > a domain is newer than 2 days, temporary reject"?
>
> abruxateatro.com still exists in DNS. although it looks like just a
> "domain parked" site:
Oh, I got fooled by:
# whois abruxateatro.com
NO DOMAIN (1)
So, that domain at least exists. Could there be a check for whether a
domain has an MX record, and if not give it some points? Would make
sense, I guess, because normally e-mail is two-way...
And what about the acidstufftv.com domain?
mfg zmi
--
// Michael Monnerie, Ing.BSc ----- http://it-management.at
// Tel: 0660/4156531 .network.your.ideas.
// PGP Key: "lynx -source http://zmi.at/zmi3.asc | gpg --import"
// Fingerprint: 44A3 C1EC B71E C71A B4C2 9AA6 C818 847C 55CB A4EE
// Keyserver: www.keyserver.net Key-ID: 0x55CBA4EE
Re: New spam type - sender domain quickly deleted
Posted by "Jamie L. Penman-Smithson" <li...@silverdream.org>.
On 12 Jun 2006, at 07:53, Michael Monnerie wrote:
> yesterday I've got some new kind of spam:
>
> X-Envelope-From: ahlers@abruxateatro.com
> Received: from abruxateatro.com (unknown [210.245.161.31])
> by power2u.goelsen.net (Postfix) with SMTP id ____________
> for <_____________>; Sun, 11 Jun 2006 18:25:57 +0200 (CEST)
>
> X-Envelope-From: ahlers@acidstufftv.com
> Received: from acidstufftv.com (unknown [210.245.161.31])
> by power2u.goelsen.net (Postfix) with SMTP id ____________
> for <_____________>; Sun, 11 Jun 2006 18:25:58 +0200 (CEST)
>
> These domains don't exist now, but obviously did yesterday. Did
> anybody
> else see such SPAM? How can I check if a domain ever existed?
> Is anybody working on a check for new domains, so that you could
> say "if
> a domain is newer than 2 days, temporary reject"?
abruxateatro.com still exists in DNS. although it looks like just a
"domain parked" site:
;; QUESTION SECTION:
;www.abruxateatro.com. IN A
;; ANSWER SECTION:
www.abruxateatro.com. 300 IN A 69.25.212.153
;; AUTHORITY SECTION:
abruxateatro.com. 172671 IN NS ns.1.name.net.
abruxateatro.com. 172671 IN NS ns.2.name.net.
You might want to take a look at red.uribl.com, althought it's not
"actively maintained" ..yet:
# red.uribl.com - Experimental list for new domain registrations and
mass moves between registries that we define as spam supporters or
facilitators. This zone is not actively maintained currently, but we
have big plans for it ;) Oh ya, use at your own risk.
-j