----- Original Message -----
From: "Tony L. Svanstrom" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, February 11, 2003 6:51 PM
Subject: [SAtalk] A new(?) way to fight spam, blocking their DNS

> Tony L. Svanstrom wrote:
>
> > Before I launch a website with this new and oh-so-great service I
> > thought I'd check with you people first, just to see what it is that I'm
> > missing with this oh-so-great idea (most likely that it either exists,
> > or that someone tried it and got sued into next week). =)
> >
> > The idea is pretty simple, for a spammer (or the one paying him) to get
> > his money he needs to have a way for his future customers to contact
> > him, and most of the time that way is based on working
> > DNS-servers/information (esp. these short anti-bayesian/spamfilter
> > porn-spams I've been getting a lot of lately).
> >
> > When a domain is involved in spamming it's added to a list, and whenever
> > a local user is trying to access that website he gets a "hardcoded"
> > IP-address pointing to a server with a "This domain is not available due
> > to spamming"- page; and likewise with e-mails (bouncing with a "not
> > available due to spamming"-message).

Thinking out-loud for a moment, on how to make this work for BIND, for instance, it would require your DNS server to create "fake" zones for those domains; which means an RBL host, somewhere, that allows XFERs to your server.

It is probably a violation of a dozen RFCs, though. :) Non-authoritative name servers that collectively, cooperatively, decide to fake zone data, that has to be a violation of probably every rule in the book. :) And it would probably wreak havoc on inter-DNS server traffic, trying to sort out the conflicting mess.

In my own BIND I could easily define a fake zone for, say, microsoft.com; and then people using my name servers would be affected. But large-scale ISPs doing this, I dunno; it does not seem wise to sabotage DNS on such a world-wide scale.

Also, who would you accept zone data from? One "root" host? That is not a trivial question; since none of the cooperating name servers are authoritative for the blacklisted domains, determining who to trust zone data from will be a real trick.

Also, what happens if we need to delist a host? Instead of querying one RBL host that simply no longer has the IP address on its lists, now you will need widespread DNS propagation for updated zone files.

A DNS proxy would work, though; but only if the user uses a cooperating name server, of course. But the problem is, there are more email servers than there are ISPs, of course. Take hotmail, for instance; likely millions of people have a hotmail account; but none of them uses hotmail as their ISP; read: uses their name servers to lookup domains. So, this would only work on the Internet provider level. And even then a user could always use someone else's name servers. Hmm, the soup is getting colder. :(

- Mark

System Administrator Asarian-host.org

---
"If you were supposed to understand it, we wouldn't call it code." - FedEx

_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
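
The following is an added example, not part of the original message or of any project's code: a small Python model of the scheme discussed above, showing the hardcoded answer for a listed domain, the stale answer after delisting until the local copy is refreshed, and the unchanged answer from a non-cooperating name server. All class names, domains and addresses are constructed assumptions (addresses come from the documentation ranges).

```python
SINKHOLE = "192.0.2.1"  # assumed address of the "not available due to spamming" page

# Constructed stand-in for the real authoritative DNS data.
AUTHORITATIVE = {"www.spamvertised.example": "198.51.100.7",
                 "www.innocent.example": "203.0.113.9"}


class ListMaintainer:
    """Hypothetical central list host; the serial bumps on every change, like an SOA serial."""
    def __init__(self):
        self.domains, self.serial = set(), 0

    def add(self, domain):
        self.domains.add(domain.lower().rstrip("."))
        self.serial += 1

    def remove(self, domain):
        self.domains.discard(domain.lower().rstrip("."))
        self.serial += 1


class Resolver:
    """Recursive resolver; a cooperating one answers from its local copy of the list."""
    def __init__(self, cooperating):
        self.cooperating, self.copy, self.serial = cooperating, set(), 0

    def refresh(self, maintainer):
        # Analogue of a zone transfer: nothing changes locally until this runs.
        if self.cooperating and maintainer.serial != self.serial:
            self.copy, self.serial = set(maintainer.domains), maintainer.serial

    def is_listed(self, name):
        labels = name.lower().rstrip(".").split(".")
        # A listed domain covers its subdomains, as a faked zone would.
        return any(".".join(labels[i:]) in self.copy for i in range(len(labels)))

    def resolve(self, name):
        if self.cooperating and self.is_listed(name):
            return SINKHOLE
        return AUTHORITATIVE.get(name.lower().rstrip("."))


def demo():
    maintainer = ListMaintainer()
    isp, other = Resolver(cooperating=True), Resolver(cooperating=False)
    maintainer.add("spamvertised.example")
    isp.refresh(maintainer)
    listed = (isp.resolve("www.spamvertised.example"), other.resolve("www.spamvertised.example"))
    maintainer.remove("spamvertised.example")
    stale = isp.resolve("www.spamvertised.example")  # delisted upstream, not yet transferred
    isp.refresh(maintainer)
    return listed, stale, isp.resolve("www.spamvertised.example")
```

`demo()` returns the cooperating and non-cooperating answers while the domain is listed, then the cooperating resolver's answer before and after it picks up the delisting.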