Dan,
That would be a valuable test IMO, however I think there might be issues
with load since I am not aware of a standard method of caching whois
lookups. Because whois output also comes in many forms (as opposed to
DNS) it would be process intensive to grab the registration date. Then
Spammers put links in the body of messages and more recently are creating them by the
pound, changing to new ones multiple times/days. Is it possible to have a test that
checks the age of domain names in the body? This information is available from a
number of places:
