Re: [anti-spam-wg@localhost] New spammer DNS trick
- Date: Mon, 26 Jan 2004 10:42:27 +0100 (MET)
On Sun, 25 Jan 2004, der Mouse wrote:
> nepzzz.com is spamvertised. Its registration specifies nameservers in
> nictxt.com. nictxt.com has been taken over by its registrar,
> apparently for invalid contact info (and good for them). But they
> didn't go quite far enough; while querying the gtld-servers.net servers
> for nictxt.com returns NXDOMAIN, querying them for nepzzz.com returns
> delegation NS records under nictxt.com _with glue A records_, thereby
> defeating the registrar's attempted removal of the domain.
> In each case, I sent a message suggesting that rather than just
> pointing it at their own servers, they point the domain at the names
> the spammers used (which require glue records) but supply glue pointing
> to the registrar's server(s), thereby getting the glue the spammers
> injected into the gtld-servers system replaced.
Shouldn't the Registries just not accept bogus glue instead? netpzzz.com
should never have NS/A glue for itself in the .com zone if it's using nictxt.com
nameservers.
Maybe Bill Gates's stupid comment about spam being dead in two years means
Microsoft is going to roll-out their DNSSEC aware resolver soon? :)
Paul, dreaming...