TIP: Click on subject to list as thread!

ANSI

echo:	alt-comp-anti-virus
to:	ALL
from:	VIRUS GUY
date:	2014-11-01 23:35:00
subject:	Re: An Urgent Court Notic
David Ritz wrote: > >> The only way you can determine ... > > > There is one other way ... > > Would you like a pony with sprinkles on top, to go with that? If we're discussing what features a DNSbl offers (or could offer) on their web portal, then there's no need to be childish about it. I fully realize that by giving any sort of info (like first seen, last seen, or both) that a DNSbl could be providing spammers with a way of knowing the identity of spamtrap addresses. But by providing first/last seen info in a non-machine-readable way (as bitmapped image, using mild captcha-style alteration) that would go a long way to making such efforts much more labor intensive. The way I see it, based on the history of many accounts that have existed on my system going back 10+ years and their history of being cancelled (yet still experiencing attempted delivery), it points to my impression that spammers are incredibly sloppy when it comes to address list management, and any address that has ever existed in the past is never taken off lists regardless how many "non-existent account" errors their zombie relays receive during spam runs. > DNSbls generally do not include the date and time information DNSbl's are only a curiosity from my point of view - seeing that my server is not actually tied into them in the first place. > I would seriously recommend including C&C warnings, when you do. Whether or not any DNSbl's include C&C hosts is of no concern or use to me, but I am curious as to whether C&C's are actually used to send spam (directly - direct-to-mx that is). The way I see it, there are far fewer C&C hosts for any given botnet, and they would be far more valuable (from an identity and discovery pov) than to be used for sending spam. If this is true (that in theory they are never used to emit spam) then their presence in DNSbl's used by SMTP servers would be irrelavent. Which would lead to the question - just how would one make use of a blocking entry for a C&C IP? An organization's inbound/outbound firewall? Does such use actually happen? --- NewsGate v1.0 gamma 2 * Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)
SOURCE: echomail via QWK@docsplace.org

Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.