---------------------------------------- > Date: Mon, 6 Jan 2014 12:26:08 +0000 > From: andrew.he...@aaisp.net.uk > To: users@spamassassin.apache.org > Subject: Re: Detecting very recently registered domain names > > On Thu, 19 Dec 2013 10:02:39 -0500 > Joe Quinn <jqu...@pccc.com> wrote: > >> We are noticing a lot of spam coming from domains that are less than >> two months old. Is there a good way to detect this automatically? >> >> We've thought about whois, but do not want to get blocked for looking >> like we are harvesting information. > > > May be off topic, but is this related to Communicado Ltd, who register > domains daily in order to send spam, more info and a maintained list(at > least at the moment) on: > http://blog.hinterlands.org/2013/10/unwanted-email-from-communicado-ltd/ > > > -- > Andrew >
Communicado are probably a bit smarter than may people give them credit for. They change tactics frequently, and are pretty good at what they do. They have been around a long time and that probably says a lot, given the characteristics of the industry they are in. In recent weeks they have moved from the 'day old' .co.uk domains to relatively old com/org/net domains (Aug last year). I'm sure they will change back again at some point though ... its not like NOMINET give a darn about spam, is it?? Playing 'whack-a-mole' with them isn't half as effective is focusing in on the common traits of the mail they sent out, like phone numbers (01799 252xxx), common phrases, the names of the instructors they use, the structure of the HTML in the mails themselves, and so on. Even the price they charge for their courses helps (everything seems to be £149.00 + VAT :) Registering a new domain costs peanuts, compared to re-working this kind of stuff on a regular basis, and as we all know, at the end of the day, its all about money.