4 Sep
2012
4 Sep
'12
9:12 a.m.
On Tue, Sep 04, 2012 at 08:05:06AM -0400, William Herrin wrote:
I also doubt the efficacy of the method. Were this to become common practice, a spammer could trivially evade it by using his own DNS software or simply pumping out the address list along with pre-resolved IP addresses to deliver the mail to. For all I know, they already do.
You're precisely correct. They've been doing this for many years, (a) because it's efficient (b) because it evades detection by techniques that monitor MX query volume (c) because few MX's change often (d) because it scales beautifully across large botnets. ---rsk