Home / Industry

DNS on Defense, DNS on Offense

Spam is a never-ending problem for service providers. Unfortunately criminals can still make money at someone else's expense so they persist in their mindless campaigns. The DNS is an integral part of well-established techniques for handling incoming spam, so unwanted mail doesn't get delivered to inboxes.

The other side of the problem is stopping outbound spam at its source, so it never leaves the network where it originates. Providers are interested in this for a bunch of reasons: if their network hits a blocklist it can prevent all emails from being received by organizations that use the blocklist. This diminishes the provider's reputation in the eyes of their peers — both literally and figuratively! There is also very real damage to the brand and typically real costs associated with support calls from unhappy users, lost customers, and wasted network resources.

Techniques for controlling outbound spam have mostly focused on managing port 25 traffic, but it's also possible to control outbound spam with the DNS. Since most spam today is sent by bot-infected hosts it's straightforward to use the DNS to identify which hosts on a network are communicating with known botnet command and control systems. It's equally easy to block these communication channels so infected systems can't get any instructions, so they can't send any spam. MX queries from infected hosts can also be blocked to prevent spam from being sent, or redirected to a mail gateway where the messages can be handled according to operator policies.

These two simple techniques can eliminate a huge proportion, up to 90%, of outbound spam with minimal false-positives. The impact on the DNS is minimal — and there is no need for additional equipment in the network, such as appliances. Nominum is hosting a webinar on this topic on April 24, 2012. It will provide details on the two techniques summarized above and describe how the solution can be deployed. Real-world data from two ISPs who have implemented this approach will be discussed as well as the advantages and disadvantages of this approach versus other techniques such as port 25 blocking or DPI.


About Nominum – Nominum is the innovation leader in DNS software and Internet Activity Applications. The company's Vantio™ CacheServe software powers the Internet for the world's largest CSPs in 40 countries. Vantio™ ThreatAvert software arms CSP's with the power to stop the spread of inside threats such as botnets and DNS-based DDoS amplification attacks that could impact network availability and reputation. Nominum's N2 applications enable CSP's marketing and customer care teams to leverage subscribers' Internet Activity to better engage, build brand loyalty, improve marketing ROI, and open up new business models. Nominum is a global organization headquartered in Redwood City, CA. Learn More

Related topics: DNS, Spam


Don't miss a thing – get the Weekly Wrap delivered to your inbox.

Related Blogs

Related News

Explore Topics

Dig Deeper

IP Addressing

Sponsored by Avenue4 LLC

DNS Security

Sponsored by Afilias


Sponsored by Verisign

Mobile Internet

Sponsored by Afilias Mobile & Web Services

Promoted Posts

Buying or Selling IPv4 Addresses?

Watch this video to discover how ACCELR/8, a transformative trading platform developed by industry veterans Marc Lindsey and Janine Goodman, enables organizations to buy or sell IPv4 blocks as small as /20s. more»

Industry Updates – Sponsored Posts

Global Domain Name Registrations Reach 329.3 Million, 2.3 Million Growth in Last Quarter of 2016

Neustar to be Acquired by Private Investment Group Led by Golden Gate Capital

Government Guidance for Email Authentication Has Arrived in USA and UK

Don't Gamble With Your DNS

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

How Savvy DDoS Attackers Are Using DNSSEC Against Us

Radix Adds Dyn as a DNS Service Provider

Dyn Partners with the Internet Systems Consortium to Host Global F-Root Nameservers

Is Your TLD Threat Mitigation Strategy up to Scratch?

Domain Management Handbook from MarkMonitor

What Holds Firms Back from Choosing Cloud-Based External DNS?

Computerworld Names Afilias' Ram Mohan a Premier 100 Technology Leader

Protect Your Privacy - Opt Out of Public DNS Data Collection

Measuring DNS Performance for the User Experience

Introducing Verisign Public DNS: A Free Recursive DNS Service That Respects Your Privacy

Internet Grows to 296 Million Domain Names in Q2 2015

Protect Your Network From BYOD Malware Threats With The Verisign DNS Firewall

Introducing the Verisign DNS Firewall

Verisign Named to the Online Trust Alliance's 2015 Honor Roll

3 Key Steps for SMBs to Protect Their Website and Critical Internet Services