negative caching of throwaway spam domains - DNS

This is a discussion on negative caching of throwaway spam domains - DNS ; Hi, We have 3 spam filtering machines that each run a bind caching nameserver to help with rbl lookups, etc.. After mail passes through these machines it goes to our mail hub. Every so often, a spam from a throwaway ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: negative caching of throwaway spam domains

  1. negative caching of throwaway spam domains

    Hi,

    We have 3 spam filtering machines that each run a bind caching
    nameserver to help with rbl lookups, etc..
    After mail passes through these machines it goes to our mail hub.

    Every so often, a spam from a throwaway spam domain will get through the
    spam filtering machines to the mailserver hub. The caching nameserver on
    the spam filtering machine will be able to lookup the sender's hostname,
    so sendmail accepts it.

    But, sendmail, on the mailserver hub will bounce it back to the spam
    filtering machine with an error.. 'Domain of sender address
    jthlhiyue@halosalbum.com does not exist'. (that one is from this am..
    registered yesterday by a spammer).

    The question is, is there something I can do to, other than telling the
    mail filter machines to all use the same instance of bind to avoid this
    happening?

    Also, a bit off topic, but it occurs to me that this kind of information
    is useful in spam fighting. Are there any rbls out there that list all
    domains registered in the last 48 hrs?

    Thanks for any ideas!

    Ken A
    Pacific.Net



  2. Re: negative caching of throwaway spam domains

    In article , Ken A wrote:

    > Hi,
    >
    > We have 3 spam filtering machines that each run a bind caching
    > nameserver to help with rbl lookups, etc..
    > After mail passes through these machines it goes to our mail hub.
    >
    > Every so often, a spam from a throwaway spam domain will get through the
    > spam filtering machines to the mailserver hub. The caching nameserver on
    > the spam filtering machine will be able to lookup the sender's hostname,
    > so sendmail accepts it.
    >
    > But, sendmail, on the mailserver hub will bounce it back to the spam
    > filtering machine with an error.. 'Domain of sender address
    > jthlhiyue@halosalbum.com does not exist'. (that one is from this am..
    > registered yesterday by a spammer).
    >
    > The question is, is there something I can do to, other than telling the
    > mail filter machines to all use the same instance of bind to avoid this
    > happening?


    What's the problem? Don't you want spam to be blocked? You'd prefer
    that it be blocked at the filter, but if not it gets blocked at the hub.

    If you don't want filtering on the hub, why do you have it checking
    whether the sender domain exists?

    --
    Barry Margolin, barmar@alum.mit.edu
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***
    *** PLEASE don't copy me on replies, I'll read them in the group ***



  3. Re: negative caching of throwaway spam domains

    Barry Margolin wrote:
    > In article , Ken A wrote:
    >
    >
    >> Hi,
    >>
    >> We have 3 spam filtering machines that each run a bind caching
    >> nameserver to help with rbl lookups, etc..
    >> After mail passes through these machines it goes to our mail hub.
    >>
    >> Every so often, a spam from a throwaway spam domain will get through the
    >> spam filtering machines to the mailserver hub. The caching nameserver on
    >> the spam filtering machine will be able to lookup the sender's hostname,
    >> so sendmail accepts it.
    >>
    >> But, sendmail, on the mailserver hub will bounce it back to the spam
    >> filtering machine with an error.. 'Domain of sender address
    >> jthlhiyue@halosalbum.com does not exist'. (that one is from this am..
    >> registered yesterday by a spammer).
    >>
    >> The question is, is there something I can do to, other than telling the
    >> mail filter machines to all use the same instance of bind to avoid this
    >> happening?
    >>

    >
    > What's the problem? Don't you want spam to be blocked? You'd prefer
    > that it be blocked at the filter, but if not it gets blocked at the hub.
    >
    > If you don't want filtering on the hub, why do you have it checking
    > whether the sender domain exists?
    >
    >

    The problem is that sendmail on the mail hub tries to send a
    non-delivery notification back to the sender. Those notices spool on our
    mailserver destined for throwaway spam domains that don't accept mail,
    or worse, do!
    Thanks,
    Ken A
    Pacific.Net



+ Reply to Thread