* Posts by veteran-of-the-spam-wars

1 post • joined 31 May 2018

SpamCannibal blacklist service reanimated by squatters, claims every IP address is spammy


Nothing to see here, move on

Practically any domain name that expires is immediately taken over by domain hoarders looking to monetize it in some way - such as by "returning" it to the original owners for a sum.

Hoarders usually put in wildcard DNS. That means any query to any subdomain/host address of that domain will return a result.

In the case of blocklists, anybody using a blocklist of any kind should make sure that the responses they get are of the expected kind; a response other than 127.x.x.x should be discarded as invalid. Problem solved.

In this case (and iẗ́ is NOT the first of this ilk) queries to the repurposed domain are all returning the host address (not 127.anything) of the hoarder's web site. This has nothing to do with the fact that the domain used to be a blocklist domain or any other feature of the domain itself; this is standard modus operandi for domain hoarders.

There is nothing newsworthy here, if you don't count the fact that people using blocklists are not checking the response codes to make sure only valid responses are taken as such.


Biting the hand that feeds IT © 1998–2022