On Mon, 04 Oct 2010 17:05:12 EDT, Suresh Ramasubramanian said:
dig throwaway1.com NS
dig throwaway2.com NS
etc etc ... and then check_sender_ns_access in postfix, for example.
Yes, that *is* better than whack-a-mole on the same DNS server, but... The NANOG lurker in the next cubicle used to do that. Turned out the bang-for-buck wasn't as good as we hoped - it doesn't take too many false-positive errors blocking 20,000 domains hosted on the same DNS server as one spammer before the collateral damage becomes too painful. Our cost of dealing with a false positive is a lot higher than a false negative, especially once you factor in goodwill - people don't like spam, but a false positive on something they consider important causes more ire than 10x as many false negatives. That, and when our block list hit 150K entries or so, its size caused *other* issues with various things that were never designed for block lists quite that big...
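Suresh's suggestion in Postfix terms, with the dry-run step a practitioner would want before blocking every domain parked on one nameserver (an added example, not either poster's configuration; the table paths and hostnames are placeholders):

```conf
# /etc/postfix/main.cf (fragment)
# Order matters: the exception table is consulted first, so a domain we
# know is legitimate never reaches the nameserver check. warn_if_reject
# turns a REJECT from the NS table into a logged "reject_warning" instead
# of a bounce, so false positives surface in the mail log before anything
# is actually blocked. Drop the warn_if_reject once the hit list looks sane.
smtpd_sender_restrictions =
    check_sender_access hash:/etc/postfix/sender_ns_exceptions,
    warn_if_reject check_sender_ns_access hash:/etc/postfix/sender_ns_access,
    permit

# /etc/postfix/sender_ns_exceptions (placeholder entries)
# Sender domains that share a nameserver with a spammer but must not be hit.
#   example-customer.invalid    OK

# /etc/postfix/sender_ns_access (placeholder entries)
# Keys are the nameserver hostnames returned by
#   dig +short NS throwaway1.com
# A bare parent domain also matches every host under it.
#   ns1.throwaway-dns.invalid   REJECT sender domain uses a blocked nameserver
#   throwaway-dns.invalid       REJECT sender domain uses a blocked nameserver

# Rebuild both lookup tables after editing them:
#   postmap hash:/etc/postfix/sender_ns_exceptions
#   postmap hash:/etc/postfix/sender_ns_access
```

Grep the mail log for reject_warning over a few days and count distinct sender domains per nameserver entry; that number is the collateral damage the thread is talking about.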