get-even Posted December 28, 2004 Share Posted December 28, 2004 In the part few days, several spam messages have contained web sites with multiple 'A' records in their DNS. The SpamCop parser seem to only report/track the first one found, This reduces the number of reports for a address by the number of distict 'A' records. Example: % nslookup -type=any www.substations.nbikgebj.info first.nokkauma.biz. Server: first.nokkauma.biz. Address: 65.203.151.193#53 Name: www.substations.nbikgebj.info Address: 222.223.134.42 Name: www.substations.nbikgebj.info Address: 202.102.230.37 Name: www.substations.nbikgebj.info Address: 65.203.151.192 and for tracking purposes, in the part few minutes: http://www.spamcop.net/sc?id=z707174640z33...0889565379a063z http://www.spamcop.net/sc?id=z707174792z84...04c9c45a8da10cz http://www.spamcop.net/sc?id=z707174870zc0...cecc1ac3f8033bz Note some others have had as many as 6 'A' records (they are distict servers, but seem to contain the same "pages" - also, not always are all of the 'A' valid or "up") Link to comment Share on other sites More sharing options...
Jeff G. Posted December 28, 2004 Share Posted December 28, 2004 That's a good idea. Please see my new Suggestion: Reporting: Notifying all A/CNAME ISPs regarding this issue. Thanks! Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.