One thing that is really handy for spamming operations is to control one's own name servers. Sometime over a year ago, the Outbound Index started keeping a collection of data about domains and their name servers. We record new name servers, deleted name servers, IE changes to name servers. From this we could get churn rate as well as density per cidr block, and age of name servers.

Coupled with other factors and tests, this data could contribute to predictive anti-spam. As opposed to reactive anti-spam, where one waits for spam to arrive and then does something to block additional spam with the same characteristics.

I did a couple of simple things for my own use with a form page I call my "Name Server Playground" - a place I can try out ideas for what might be useful to automate or just have fun.

For example - show me the density of name servers in the block 8.8.0.0/16, grouped by /24's:

177 - 8.8.162.0/24 names
132 - 8.8.163.0/24 names
35 - 8.8.160.0/24 names
32 - 8.8.161.0/24 names
2 - 8.8.9.0/24 names
1 - 8.8.8.0/24 names
1 - 8.8.83.0/24 names
1 - 8.8.193.0/24 names

Then I can click on "names" next to any of these and get the list of the 177 domains ( see screenshot ).

Going further, I can get a list of all domains served by a particular name server by the ns hostname.

I tweaked the display a bit to show me both a list with age of the name server as well as a comma separated list of the base domains I can easily swipe and paste into another database table if desired.

Readers who are avid investigators of spam, please comment and let me know if you have access to this kind of data for your work and if so, how are you using it? ( Feel free to respond on list or privately to me by email if you are on a list with me instead of here if you prefer. ) Or, if you don't have access to this kind of data and would like to, send me a request.