Aaaagh spam

[the hatter]

On Sat, 30 Dec 2006, Phil Pennock wrote:

> The other option at present is to ensure that you're using a sub-domain
> of a registered domain.  The spammers are (currently) only
> dictionary-walking and/or joe-jobbing registered domains, not trying to
> find sub-domains.

Regrettably untrue, I've had bang used for several incidents like that
over the years, of course most noticably in the last year or so.  As a
subdomain, I don't think it made it much onto usenet and it's not had an A
record for a long time, but is used for mailing lists, throwaway addresses
and per-company registration addresses so fairly widely distributed.

My MTA doesn't drop mails based on the LHS, instead I accept the mails and
let procmail feed regexp'd or blacklisted stuff directly to my assassin to
help with the training.


the hatter