Suggestion: Reporting: Notifying all A/CNAME ISPs


Jeff G.

Please adjust the Parser to identify all A Records and follow all CNAME Records for spamvertized URLs in order to more completely inform the ISPs of the systems providing spam support services in the form of web services for those URLs. Thanks!

  • 3 weeks later...
Please adjust the Parser to identify all A Records and follow all CNAME Records for spamvertized URLs in order to more completely inform the ISPs of the systems providing spam support services in the form of web services for those URLs.  Thanks!

An example for why to do this:

4 spam messages, 3 separate domains, each with the same 3 identical 'A' records. Each one parsed showing no "history" for the site (initially) and two different IPs resolved in different reports (instead of all being recognized as a single source/site).

http://www.spamcop.net/sc?id=z713073062z25...a68253f862cbd1z

http://www.spamcop.net/sc?id=z713073168zd1...9790a4a2943187z

http://www.spamcop.net/sc?id=z713073261z96...471c01714160f2z

http://www.spamcop.net/sc?id=z713073168zd1...9790a4a2943187z

% dig '*.sdfkjhwerg.info' any

; <<>> DiG 9.3.0 <<>> *.sdfkjhwerg.info any

;; global options: printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27429

;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:

;*.sdfkjhwerg.info. IN ANY

;; ANSWER SECTION:

*.sdfkjhwerg.info. 1200 IN A 65.203.151.193

*.sdfkjhwerg.info. 1200 IN A 211.144.162.61

*.sdfkjhwerg.info. 1200 IN A 211.144.164.201

;; AUTHORITY SECTION:

sdfkjhwerg.info. 1200 IN NS FIRST.darubebam.biz.

sdfkjhwerg.info. 1200 IN NS THIRD.darubebam.biz.

sdfkjhwerg.info. 1200 IN NS SECOND.darubebam.biz.

;; ADDITIONAL SECTION:

FIRST.darubebam.biz. 597 IN A 211.144.164.201

THIRD.darubebam.biz. 599 IN A 211.144.162.61

SECOND.darubebam.biz. 597 IN A 211.144.162.44

;; Query time: 332 msec

;; SERVER: 199.184.245.68#53(199.184.245.68)

;; WHEN: Sat Jan 15 15:29:34 2005

;; MSG SIZE rcvd: 205

% dig '*.sdfkjhwerg.info' any @SECOND.darubebam.biz.

; <<>> DiG 9.3.0 <<>> *.sdfkjhwerg.info any @SECOND.darubebam.biz.

;; global options: printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38190

;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:

;*.sdfkjhwerg.info. IN ANY

;; ANSWER SECTION:

*.sdfkjhwerg.info. 1200 IN A 65.203.151.193

*.sdfkjhwerg.info. 1200 IN A 211.144.162.61

*.sdfkjhwerg.info. 1200 IN A 211.144.164.201

;; AUTHORITY SECTION:

sdfkjhwerg.info. 1200 IN NS FIRST.darubebam.biz.

sdfkjhwerg.info. 1200 IN NS SECOND.darubebam.biz.

sdfkjhwerg.info. 1200 IN NS THIRD.darubebam.biz.

;; ADDITIONAL SECTION:

FIRST.darubebam.biz. 1200 IN A 211.144.164.201

SECOND.darubebam.biz. 1200 IN A 211.144.162.44

THIRD.darubebam.biz. 1200 IN A 211.144.162.61

;; Query time: 310 msec

;; SERVER: 211.144.162.44#53(SECOND.darubebam.biz.)

;; WHEN: Sat Jan 15 15:29:44 2005

;; MSG SIZE rcvd: 205

% dig '*.sdfhwbsldf.info' any @SECOND.darubebam.biz.

; <<>> DiG 9.3.0 <<>> *.sdfhwbsldf.info any @SECOND.darubebam.biz.

;; global options: printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50388

;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:

;*.sdfhwbsldf.info. IN ANY

;; ANSWER SECTION:

*.sdfhwbsldf.info. 1200 IN A 65.203.151.193

*.sdfhwbsldf.info. 1200 IN A 211.144.162.61

*.sdfhwbsldf.info. 1200 IN A 211.144.164.201

;; AUTHORITY SECTION:

sdfhwbsldf.info. 1200 IN NS FIRST.darubebam.biz.

sdfhwbsldf.info. 1200 IN NS SECOND.darubebam.biz.

sdfhwbsldf.info. 1200 IN NS THIRD.darubebam.biz.

;; ADDITIONAL SECTION:

FIRST.darubebam.biz. 1200 IN A 211.144.164.201

SECOND.darubebam.biz. 1200 IN A 211.144.162.44

THIRD.darubebam.biz. 1200 IN A 211.144.162.61

;; Query time: 315 msec

;; SERVER: 211.144.162.44#53(SECOND.darubebam.biz.)

;; WHEN: Sat Jan 15 15:33:29 2005

;; MSG SIZE rcvd: 205
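The grouping requested in this thread, as an added example that is not part of the original posts and is not SpamCop's parser code: it collects every A record for a name, follows CNAMEs, and groups names whose full address sets match, so one report can list every hosting IP. The A records are copied from the dig output above (the wildcard owner name is looked up literally, as in those queries); the `example.net` CNAME chain and the function names are constructed for illustration.

```python
from collections import defaultdict

# Answer records copied from the dig output in the post, plus one CNAME
# chain that is constructed for illustration (example.net, 192.0.2.x).
RECORDS = """\
*.sdfkjhwerg.info. 1200 IN A 65.203.151.193
*.sdfkjhwerg.info. 1200 IN A 211.144.162.61
*.sdfkjhwerg.info. 1200 IN A 211.144.164.201
*.sdfhwbsldf.info. 1200 IN A 65.203.151.193
*.sdfhwbsldf.info. 1200 IN A 211.144.162.61
*.sdfhwbsldf.info. 1200 IN A 211.144.164.201
www.example.net. 300 IN CNAME cdn.example.net.
cdn.example.net. 300 IN A 192.0.2.10
cdn.example.net. 300 IN A 192.0.2.11
"""

def parse(text):
    """Index 'name ttl IN type rdata' lines as {(name, type): [rdata, ...]}."""
    index = defaultdict(list)
    for line in text.splitlines():
        if not line.strip() or line.startswith(";"):
            continue  # skip blanks and dig comment lines
        name, _ttl, _cls, rtype, rdata = line.split()
        index[(name.lower(), rtype)].append(rdata.lower())
    return index

def resolve_all(name, index, max_hops=8):
    """Return every A address for name, following CNAMEs (hop-bounded)."""
    name = name.lower().rstrip(".") + "."
    for _ in range(max_hops):
        cname = index.get((name, "CNAME"))
        if not cname:
            return frozenset(index.get((name, "A"), ()))
        name = cname[0]  # a name with a CNAME has exactly one target
    return frozenset()   # chain too long or circular: resolve to nothing

def group_by_hosting(names, index):
    """Group names whose complete A-record sets are identical."""
    groups = defaultdict(list)
    for n in names:
        groups[resolve_all(n, index)].append(n)
    return dict(groups)
```

Keying on the whole address set, rather than on whichever single IP a lookup happens to return first, is what lets the two `.info` domains be recognized as one site with three hosts to notify.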

Archived

This topic is now archived and is closed to further replies.
