Re: [mailop] Spammers mining SPF records (of all things)

2017-03-11 Thread Rich Kulawiec
On Sat, Mar 11, 2017 at 10:52:21AM +0800, ComKal Networks wrote:
> I have noticed the scraping of whois and dns records
> appears to have increased dramatically over the past
> 2 years.

Both of those are poor sources of email addresses, though: the duplication
across many domains and the frequent use of role accounts means that even
someone with WHOIS data for 100M domains may only have 30M valid addresses
and half of those may be role accounts.  (Real data point pulled from
some info I have on hand: 790876 domains, 309907 unique email addresses,
about 125K of those using obfuscated registration, 3K "hostmaster" or
"postmaster", 4K "admin", so roughly 200K or 25% viable spam targets.)

I'm not saying they're not doing it: of course they are.  I've done
some manipulation of WHOIS and DNS records in order to track it, so
I've got proof in hand.  I'm sure others do as well.  I'm just saying
that it's not one of the more productive approaches.

---rsk

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] Spammers mining SPF records (of all things)

2017-03-11 Thread Dave Warren
On Sat, Mar 11, 2017, at 16:19, Rich Kulawiec wrote:
> On Sat, Mar 11, 2017 at 10:52:21AM +0800, ComKal Networks wrote:
> > I have noticed the scraping of whois and dns records
> > appears to have increased dramatically over the past
> > 2 years.
> 
> Both of those are poor sources of email addresses, though: the duplication
> across many domains and the frequent use of role accounts means that even
> someone with WHOIS data for 100M domains may only have 30M valid addresses
> and half of those may be role accounts.  (Real data point pulled from
> some info I have on hand: 790876 domains, 309907 unique email addresses,
> about 125K of those using obfuscated registration, 3K "hostmaster" or
> "postmaster", 4K "admin", so roughly 200K or 25% viable spam targets.)
> 
> I'm not saying they're not doing it: of course they are.  I've done
> some manipulation of WHOIS and DNS records in order to track it, so
> I've got proof in hand.  I'm sure others do as well.  I'm just saying
> that it's not one of the more productive approaches.

In my very limited experiments there is far more WHOIS scraping than DNS
SOA scraping.

I get very little spam to an address that only exists as a SOA record,
far more to the WHOIS contacts, especially after registering a new
domain. I suspect ICANN's current process of requiring an address that
doesn't bounce makes WHOIS a richer source than it otherwise would be,
while SOA records are unlikely to be maintained by less technical users
(and are more likely to point to a provider who will simply disregard
the crap). 





[mailop] Fwd: [pe...@piermont.com: [Cryptography] ADMIN: Anyone at Microsoft able to lend some assistance?]

2017-03-11 Thread Rich Kulawiec
Forwarded with permission.  Perry's cryptography mailing list is
an excellent resource and is very well-run, so any assistance
would benefit part of the 'net's crypto community.

Thanks,
---rsk


- Forwarded message from "Perry E. Metzger"  -

> Date: Fri, 10 Mar 2017 22:11:41 -0500
> From: "Perry E. Metzger" 
> To: cryptogra...@metzdowd.com
> Subject: [Cryptography] ADMIN: Anyone at Microsoft able to lend some
>   assistance?
> 
> Sorry for the administrative blast, but email to hotmail and outlook
> addresses is bouncing for the list, apparently because the ISP subnet
> that the list's SMTP server is on is being blacklisted by Microsoft.
> 
> If anyone at Microsoft could get in touch with me privately so that I
> can arrange to get this fixed, I'd appreciate it.
> 
> Perry
> -- 
> Perry E. Metzger  pe...@piermont.com

- End forwarded message -
