[geeklog-devtalk] Spam warnings?

Dirk Haun dirk at haun-online.de
Mon Mar 21 14:17:56 EST 2005


Michael,


>Good point about the age of the domains.


Actually, my post was somewhat misleading: The 2 domains in question were
originally registered back in 2002, but only recently used for the spam runs.

They were, however, last updated on March 19th.



>Is there merit in writing a filter based on the ages of domains
>appearing in links? Or based on the name/email of the domain's owner?


The contact address for vrajitor DOT com, for example, looks bogus:

Registrant:
James
111 W 55 Street
NYC
NY
US
10012

As does the administrative contact (unless there's really a city named
"Correctionville" in Arizona).

I submitted this on <http://wdprs.internic.net/> now, just for kicks. I
don't really expect anything from it, but I've always wanted to try it
out anyway.

Furthermore, the DNS for this domain is ro7kalbe DOT com - the other
domain used in the same spam run. Bogus addresses there as well. The same
scheme can also be found with today's domains: registrarprice DOT com
uses bnetsol DOT com as the DNS.

I guess each spammer has its own system. If you read up on the Bulgarians
(the poker spammers, who also own all the domains mentioned above), there
is a certain system in how they do things. But other spammers most likely
have their own ways.

A human can easily see that something's bogus - it's much harder to write
a program that does the same ...

bye, Dirk


--
http://www.haun-online.de/
http://www.haun.info/
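
Two signals come up in this thread: a linked domain whose DNS sits under another domain linked in the same spam run, and a WHOIS record updated only days before the run. The following Python is an added example, not part of the original post or of Geeklog. It checks both signals over WHOIS data the caller has already fetched; the record layout, the function names and the `.example` domains are constructed assumptions.

```python
from datetime import date

def registered_domain(host):
    """Naive registrable domain: the last two labels (assumption: no
    multi-label public suffixes such as co.uk in the input)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def score_link_domains(records, today, recent_days=7):
    """Return {domain: [reasons]} for the domains linked in one batch of posts.

    records maps each linked domain to WHOIS-derived fields:
    'nameservers' (list of host names) and 'updated' (datetime.date).
    """
    batch = {registered_domain(d) for d in records}
    findings = {}
    for domain, rec in records.items():
        me = registered_domain(domain)
        reasons = []
        # Signal 1: DNS is served from a *different* domain linked in the same batch.
        ns_domains = {registered_domain(ns) for ns in rec["nameservers"]}
        shared = sorted((ns_domains & batch) - {me})
        if shared:
            reasons.append("nameserver under co-linked domain: " + ", ".join(shared))
        # Signal 2: record touched very recently, whatever its creation date.
        age = (today - rec["updated"]).days
        if 0 <= age <= recent_days:
            reasons.append(f"WHOIS updated {age} day(s) ago")
        if reasons:
            findings[me] = reasons
    return findings

# Constructed sample data (not the domains from the thread).
SAMPLE = {
    "cheap-cards.example": {
        "nameservers": ["ns1.card-hub.example", "ns2.card-hub.example"],
        "updated": date(2005, 3, 19)},
    "card-hub.example": {
        "nameservers": ["ns1.card-hub.example"],
        "updated": date(2005, 3, 19)},
    "old-blog.example": {
        "nameservers": ["ns1.hosting-co.example"],
        "updated": date(2004, 6, 1)},
}

if __name__ == "__main__":
    for dom, why in score_link_domains(SAMPLE, date(2005, 3, 21)).items():
        print(dom, "->", "; ".join(why))
```

The output is a list of reasons per domain rather than a verdict, so a moderator can weigh it alongside other evidence; a legitimate domain can also have a recently updated record.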
