Quote:
Originally Posted by well named
You don't usually do a DNS lookup on a host name you don't intend to initiate a connection with. There are exceptions to this like how some anti-spam software works. But the idea that they are communicating is inferred rather than demonstrated.
I mean, one pretty plausible explanation for the repeated DNS requests is that whatever connection is being attempted is getting rejected and is being retried at intervals.
Just as an example of what could be happening: Suppose someone at Alfa has a marketing email from Trump sitting in their inbox somewhere. The email contains HTML content that links back to mail1.trump-email.com. The email client attempts to retrieve this content, executing a DNS lookup in the process. The server rejects the connection, meaning the email client cannot retrieve the content. Next time the person opens their inbox, this whole process repeats itself.
There might be details that make this exact story implausible, but there are a very large number of variations, one of which is probably correct.
Edit: There are a very large number of email servers, email clients, spam filters, antivirus programs, etc. etc. out there, all of which interact with each other in complex and unpredictable ways. Having weird, initially inexplicable things happen when bits of tech are thrown together is the norm in computing.
Last edited by ChrisV; 03-10-2017 at 09:16 PM.
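The post above names two patterns that would look different in resolver logs: a rejected connection retried at intervals, and a lookup triggered each time a person opens an inbox. The following is an added example, not part of the original post, showing one way to tell them apart from the spacing of lookups per client; the log format, the host name `mail1.example.test`, the client addresses and the 0.1 threshold are all assumptions made up for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed resolver log lines: "<ISO time> <client> <qname>". Not real data.
SAMPLE_LOG = """\
2017-03-01T00:00:02 192.0.2.10 mail1.example.test
2017-03-01T01:00:01 192.0.2.10 mail1.example.test
2017-03-01T02:00:03 192.0.2.10 mail1.example.test
2017-03-01T03:00:02 192.0.2.10 mail1.example.test
2017-03-01T04:00:01 192.0.2.10 mail1.example.test
2017-03-01T08:57:10 192.0.2.20 mail1.example.test
2017-03-01T09:03:44 192.0.2.20 mail1.example.test
2017-03-01T13:31:05 192.0.2.20 mail1.example.test
2017-03-01T17:48:30 192.0.2.20 mail1.example.test
2017-03-02T09:12:19 192.0.2.20 mail1.example.test
2017-03-01T10:00:00 192.0.2.30 mail1.example.test
"""

def gaps_by_client(log_text, qname):
    """Return {client: [seconds between consecutive lookups of qname]}."""
    times = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[2].lower().rstrip(".") != qname:
            continue  # skip malformed lines and lookups of other names
        times[parts[1]].append(datetime.fromisoformat(parts[0]))
    gaps = {}
    for client, stamps in times.items():
        stamps.sort()
        gaps[client] = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
    return gaps

def classify(gaps, min_gaps=3, cv_threshold=0.1):
    """Label a gap series by its coefficient of variation (stdev / mean)."""
    if len(gaps) < min_gaps:
        return "insufficient-data"  # too few lookups to say anything
    avg = mean(gaps)
    if avg == 0:
        return "burst"  # identical timestamps, no spacing to measure
    # Near-constant spacing suggests a software retry timer; wide spread
    # suggests lookups driven by something irregular, such as a person.
    return "timer-like" if pstdev(gaps) / avg < cv_threshold else "irregular"

def summarize(log_text, qname):
    """Return {client: label} for every client that looked up qname."""
    return {c: classify(g) for c, g in gaps_by_client(log_text, qname).items()}
```

Caching resolvers answer repeat lookups from cache until the record's TTL expires, so gaps measured at an authoritative server can reflect the TTL rather than the client's own schedule.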