New Spam Tactic Wreaks Havoc with DNS   1/10/2005 - 884 views,

This one, interestingly enough, is being attributed to spammers’ concerns over running afoul of CAN-SPAM, and so trying to end run it instead. Specifically, it is claimed, they are trying to avoid the stiff penalties which can be associated with sending email and using a misleading or flat-out bogus domain in the “from” information.

The way it works is this: The spammer sends out a spam run of however many thousands of pieces of spam, late in the middle of the night, “from” a domain which they are just about to really register themselves, but have not yet done so. In the morning they register the domain. This gives the spam time to get out before the domain can get shut down, then the domain comes online, and is a real domain. The thought is apparently that this will give them some immunity from CAN-SPAM prosecutions, as the domain now really exists (until it’s shut down due to spam complaints, at least).

Of course, they are completely wrong in that thought, but nobody has ever accused spammers of having brilliant legal minds. Not even Canter and Siegel, the original Green Card spammers (who were, in fact, lawyers, Aunty is ashamed to admit). Given that the domain does not exist when they sent out the spam they are still completely afoul of CAN-SPAM.

But that’s their problem.

What is your problem is that the spam, coming “from” a not yet existent domain, can break your DNS, as it causes time outs, and backups on the old SMTP turnpike. As the DNS lookup times out, the receiving system will continue to try to find that nonexistent domain, doing repeated DNS lookups, clogging the system, and potentially leading to a system failure.

So, IT folks, be aware of this issue, and stay on top of your mail infrastructure so that you can adjust it accordingly.