Email Spam Techniques are Causing Major DNS Problems

Thread Title:
Spammers' New Tactic Upends DNS
Thread Description:

This seems to be an unlikely technique to me, i mean, why register the domain at all...

One troublesome technique finding favor with spammers involves sending mass mailings in the middle of the night from a domain that has not yet been registered. After the mailings go out, the spammer registers the domain early the next morning.

By doing this, spammers hope to avoid stiff CAN-SPAM fines through minimal exposure and visibility with a given domain. The ruse, they hope, makes them more difficult to find and prosecute.

The scheme, however, has unintended consequences of its own. During the interval between mailing and registration, the SMTP servers on the recipients' networks attempt Domain Name System look-ups on the nonexistent domain, causing delays and timeouts on the DNS servers and backups in SMTP message queues.

If im missing the point, do fill me in...


I think I've understood it...

I think I've understood it, but I'm not sure. The Can-Spam Act means that you can't use a spoofed address to send your spam mail, but if you use an existing domain, it may be on a blacklist because the DNS records would show it as pointing to the spammer's "bad neighborhood" IP address. Spam filters do DNS lookups on links in emails as part of their filtering.

So, send the spam at midnight with a non-existant domain, the lookups fail and the mail gets through because the domain isn't blacklisted (or listed at all) - it doesn't even resolve. Buy the domain at 6am, and as DNS updates every 5 minutes these days, at 6.05am you're in business and your site is ready to receive clicks. The email address becomes valid at that point too, so you've succeeded in beating the spam filters whilst still respecting the legislation.

Is that it, or would I make for a poor spammer? :)

Souns right

Well, that certainly made sense to me, i think you've nailed it encyclo :) thanks...

Who would have thought that the internet was such a fragile thing eh?

The DNS update thing ...


On a side note (not to hijack your thread, Nick), while I've noticed that some of the (few) domains we purchased recently went live FAST, I and a few others have also noticed a concurrent slowdown in visiting websites because the domain lookups must be performed far more frequently. A colleague suggested that this was due to ISPs having to cache the DNS info -- and perhaps their limited caching space. Left to my own, I think surfing is a more frequent and important activity than domains going live.

I guess this topic falls into the what-will-they-think-of-next sphere.


ISP's haven't changed their cachine regimes at all, the faster dns updates are just a function of them being released centrally more often, so you see it quicker if the ISP hasn't cached it. You can still wait 72 hours for an update if an ISP you route through has the site cached and a cruddy refresh cycle.

Most genuine spammers send from a spoofed address anyway I thought?

Spoofed addresses

Most genuine spammers send from a spoofed address anyway I thought?

Yes, but the URL in the body has got to be valid, otherwise they aren't going to get many buyers. Spam filters do a DNS lookup on that too.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.