
coofdy.com

Martin Kenny's blog

Spammers Start Using Wildcard DNS

In his now-famous A Plan for Spam, Paul Graham wrote:

… the spam of the future will probably look something like this:

Hey there. Thought you should check out the following:
http://www.27meg.com/foo

because that is about as much sales pitch as content-based filtering will leave the spammer room to make. (Indeed, it will be hard even to get this past filters, because if everything else in the email is neutral, the spam probability will hinge on the url, and it will take some effort to make that look neutral.)

Well I guess the future is here, now.

A lot of the spam I get looks a lot like this, and now it looks as though spammers have started to use wildcard DNS, to try and make their URLs look more 'neutral' (or at least different for each message).

Maybe it's been going on for a while, but I just noticed a URL that looked a bit like:

http://cementarlene.coerciblewade.tabulawhereby.not-real-domain.info/

Sure enough, any combination of words prepended to not-real-domain.info resolves to the same IP address.
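A filter-side check for the behaviour described above, as an added example that is not from the original post: it probes random labels under each parent domain of a URL's host and, where they resolve to the same address as the host, collapses the host to that parent so a content filter sees one token per domain instead of a new one per message. The function names and the constructed `sample_resolver` zone (the post's placeholder domain with documentation-range addresses) are assumptions.

```python
import secrets
import socket
from urllib.parse import urlsplit


def dns_resolver(host):
    """Live lookup: set of IPv4 addresses for host, empty if it does not resolve."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(host, None, socket.AF_INET)}
    except (socket.gaierror, UnicodeError):
        return set()


def sample_resolver(host):
    """Constructed zone for offline runs: one wildcard domain, one ordinary host."""
    if host == "not-real-domain.info" or host.endswith(".not-real-domain.info"):
        return {"192.0.2.10"}
    return {"192.0.2.20"} if host == "www.example.org" else set()


def wildcard_parent(url, resolver=dns_resolver, probes=3):
    """Return the shortest parent domain under which random labels resolve to
    an address shared with the URL's host, or None if there is no such parent."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    target = resolver(host)
    if not target:
        return None
    # Walk parents from the last two labels outwards; stop before the host itself.
    for n in range(2, len(labels)):
        parent = ".".join(labels[-n:])
        # Random labels cannot be real records, so a shared address means a wildcard.
        if all(resolver(f"{secrets.token_hex(8)}.{parent}") & target
               for _ in range(probes)):
            return parent
    return None


def filter_token(url, resolver=dns_resolver):
    """Token to hand to a content filter: wildcard parent if any, else the host."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return wildcard_parent(url, resolver) or host


if __name__ == "__main__":
    for u in ("http://cementarlene.coerciblewade.tabulawhereby.not-real-domain.info/",
              "http://www.example.org/"):
        print(u, "->", filter_token(u, sample_resolver))
```

Requiring the probe answers to overlap with the host's own address keeps a resolver that rewrites failed lookups to its own landing page from being mistaken for a wildcard record.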

I suppose, now that Internet Explorer doesn't support usernames and passwords in URLs, it's the next best thing for filling your domain names with random or confusing words. I can see a few future phishing expeditions based on it too.
