[SpamCop-List] Re: Ok, I'll ask: What is going on here?
gospamming at yourdomain.invalid
Sun May 30 22:03:58 EDT 2004
"Mike Easter" <MikeE at ster.invalid> wrote in
news:c9dcso$6uo$1 at news.spamcop.net:
> That seems like a strange strategy to me; and I suppose that it
> isn't likely that Julian will appear to explain it.
When the new parsing strategy became active for the first time, it was
in a sort of "verbose" mode, explaining more of what it was doing. I
reproduced it in my two postings that day with subject "New parser
feature, smart grouping of links":
[quote relevant part]
Resolving link obfuscation
host 184.108.40.206 = 116-194-249-63-rev.propagation.net (cached)
host 220.127.116.11 (getting name) no name
host 18.104.22.168 = mailapoint002.mailbank.com (cached)
host 22.214.171.124 (getting name) no name
host 126.96.36.199 = 209-163-221-194.gen.twtelecom.net (cached)
host 188.8.131.52 = dn4.directnic.com (cached)
host 184.108.40.206 (getting name) no name
host 220.127.116.11 (getting name) no name
host 18.104.22.168 = mail.mercuryloungenyc.com (cached)
host 22.214.171.124 (getting name) no name
host 126.96.36.199 = signatureparking.visual.com (old cache)
host 188.8.131.52 (getting name) no name
host 184.108.40.206 = 66-173-241-226.serial.cavtel.net (cached)
host 220.127.116.11 = cluster1.verticalaxis.com (cached)
host 18.104.22.168 (getting name) no name
host 22.214.171.124 = acorn.org (cached)
host 126.96.36.199 (getting name) no name
host 188.8.131.52 (getting name) no name
host 184.108.40.206 (getting name) no name
host 220.127.116.11 = host.goad.net (cached)
host 18.104.22.168 (getting name) no name
host 22.214.171.124 = www.insecure.org (cached)
host 126.96.36.199 = drake.org (cached)
host 188.8.131.52 (getting name) no name
webster3456biz.biz has multiple links with different subdomains
pointing to it.
I wonder if a random one would work...
yep, webster3456biz.biz returned an address of 184.108.40.206
Name service for this domain is supplied by NS3.AIRMARAMBA.biz.
IP address(es) for name service: 220.127.116.11 18.104.22.168
Still too many links. Time to prioritize!
The domain webster3456biz.biz appears multiple times, testing it.
Everything else only appears once, not testing further.
Tracking nameserver: 22.214.171.124
Tracking ip 126.96.36.199
Cached masters for 188.8.131.52: abuse at epnetworks.co.kr
spamrelay at certcc.or.kr spamcop at kisa.or.kr postmaster at epnetworks.co.kr
Tracking nameserver: 184.108.40.206
Tracking ip 220.127.116.11
Cached masters for 18.104.22.168: abuse at publicf.bta.net.cn anti-
spam#chinanet.cn.net at devnull.spamcop.net postmaster at cta.cq.cn
jieliang#ix.netcom.com at devnull.spamcop.net wangyan at public.cta.cq.cn
dnsmail at public.cta.cq.cn spam#ctsi.com.cn at devnull.spamcop.net
zhong at public.cta.cq.cn
As you can see by following the "chatty" parse, the parser discards the
bogus links without even bothering to test them because each one appears
just once in the spam. The domain webster3456biz.biz appears in multiple
links, so the parser tests it further for its DNS service.
My Personal email: ddiazxn @ telefonica . net
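
The prioritization step described in the post above, sketched as an added example; this is not SpamCop's parser code and not part of the original message. The `max_links` threshold, the last-two-labels grouping rule and the sample body are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def link_key(host):
    """Grouping key for a link host (hypothetical helper).
    An IP literal stays whole; a name collapses to its last two labels.
    Assumption: a production parser would use a public-suffix list."""
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        return ".".join(host.lower().rstrip(".").split(".")[-2:])

def count_links(body):
    """Count how many links in the message body fall under each key."""
    counts = Counter()
    for url in URL_RE.findall(body):
        try:
            host = urlsplit(url).hostname
        except ValueError:  # malformed URL, e.g. a broken IPv6 literal
            continue
        if host:
            counts[link_key(host)] += 1
    return counts

def prioritize(body, max_links=5):
    """Return the keys worth resolving and tracking.
    Few links: test them all. Too many: keep only keys seen more than
    once, since single-use decoy links add cost without adding signal."""
    counts = count_links(body)
    if sum(counts.values()) <= max_links:
        return sorted(counts)
    return sorted(key for key, n in counts.items() if n > 1)

# Constructed sample: six one-off decoy links (documentation IP ranges)
# plus one domain reached through three random-looking subdomains.
SAMPLE = """
http://192.0.2.10/a http://198.51.100.7/b http://203.0.113.5/c
http://192.0.2.99/ http://198.51.100.200/x http://203.0.113.77/
http://qx7.pills.example/buy http://zz9k.pills.example/buy
http://m3.pills.example/buy
"""

if __name__ == "__main__":
    print(prioritize(SAMPLE))
```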