New Spam Tactics Straining DNS
Some spammers, fearing prosecution under the Can-Spam Act, are reportedly sending mass mailings during the night from domain names that have not yet been registered, then later submitting the domains for registration. The technique, they reason, will make it harder for authorities to trace the source of the mailing.
But the scheme has the unintended effect of straining the SMTP servers of the recipient's network, which might spend hours searching for the nonexistent domain in central DNS lookup files.
If a glut of messages arrives on a network at once, it can cause delays and timeouts on the DNS servers and backups in SMTP message queues. As a result, legitimate emails may sit undelivered for hours, which can be devastating to businesses that require fast turnaround of information and quick decisions.
"I've seen systems that have to do as many as 30 DNS calls on each message," said Paul Judge, chief technology officer at Atlanta-based mail security firm CipherTrust Inc. "Even in large enterprises, it's becoming very common to see a large spam load cripple the DNS infrastructure."
In an attempt to reduce the burden on their servers, some companies have started disabling some DNS functions, which has the somewhat ironic effect of allowing in more spam. Another solution, though costly, is for corporations to upgrade their servers so they can accommodate the heavy workload caused by the additional lookups.
Introduced last year, the Can-Spam Act was designed to reduce spam by making it illegal to send messages with fake addresses. While spam complaints are down by 75 percent since the Act went into effect, critics say that spammers will continue to employ new techniques to circumvent prosecution and that the legislation isn't worth the problems it has the potential to create.