I wonder if it is pure coincidence or not - There seems to have
been an upswing in the use of 0-day domains today (which don't get caught
by DOB - e.g. stedatlan.com-M olpartmen.com-M in the past hour). But
we still have the various BLs, so these are still high scoring spams:-)
On Friday, June 23, 2006, 5:09:55 PM, jdow jdow wrote:
Jeff, it's probably quite good when the lookup is implemented on
spam traps and a small collection of servers. The domain registrars
who are honest might like it. It'd reduce the incentive and value
of domain kiting.
Presumably the list
On Sat, 2006-06-24 at 05:08 -0700, Jeff Chan wrote:
On Friday, June 23, 2006, 5:09:55 PM, jdow jdow wrote:
Jeff, it's probably quite good when the lookup is implemented on
spam traps and a small collection of servers. The domain registrars
who are honest might like it. It'd reduce the
On Sat, 24 Jun 2006, Jeff Chan wrote:
Michael gives some good possibilities and a discussion of the
difference with greylisting. Note that whois can't really be done
on an automated, high-frequency basis.
Back when I first suggested this a couple of years ago, it was
possible to download a
On Thursday, June 22, 2006, 3:21:36 PM, Ken A wrote:
Jeff Chan wrote:
On Thursday, June 22, 2006, 10:35:10 AM, Ken A wrote:
Rick Wesson over at Alice's Registry has a dnsrbl listing recently
registered domains (see below). I thought this might be of interest to
SA users. Anyone used
On Thursday, June 22, 2006, 7:46:33 PM, List User wrote:
Seems quite conservative to me - It seems that any new domain
should/would be *very* well behaved during the 5-day ICANN defined trial
period (a domains can be deleted by the registrar in the first 5 days with
no redemption
On Thursday, June 22, 2006, 7:46:33 PM, List User wrote:
Lots of spam
domains don't get used for the first 5 days already because of the ease
with which they can be nuke'd in that time period.
I just realized you may be referring to the domain tasting or
domain kiting issue, where millions of
On Freitag, 23. Juni 2006 14:10 Jeff Chan wrote:
http://www.bobparsons.com/DomainKiting.html
Very interesting page, I wasn't aware of Domain Kiting yet.
A check for new domains would be good implemented in the MTA directly,
so postfix could temporary reject delivery until the domain is at
On Friday, June 23, 2006, 5:31:04 AM, Michael Monnerie wrote:
On Freitag, 23. Juni 2006 14:10 Jeff Chan wrote:
http://www.bobparsons.com/DomainKiting.html
Very interesting page, I wasn't aware of Domain Kiting yet.
A check for new domains would be good implemented in the MTA directly,
so
Jeff Chan writes:
On Friday, June 23, 2006, 5:31:04 AM, Michael Monnerie wrote:
On Freitag, 23. Juni 2006 14:10 Jeff Chan wrote:
http://www.bobparsons.com/DomainKiting.html
Very interesting page, I wasn't aware of Domain Kiting yet.
A check for new domains would be good implemented
On Freitag, 23. Juni 2006 14:49 Jeff Chan wrote:
1. Getting domain ages from whois is difficult and very
non-uniform between registrars.
2. We probably don't want millions of MTAs doing billions of
whois queries per day or per hour.
I didn't think of whois, anyway.
4. A DNSBL is a
On Friday, June 23, 2006, 6:36:38 AM, Michael Monnerie wrote:
On Freitag, 23. Juni 2006 14:49 Jeff Chan wrote:
4. A DNSBL is a reasonably good technology for distributing
these data.
Yes, some DNSBL. It should be one that contains newly registered
domains, within the 5 day test period.
On Freitag, 23. Juni 2006 17:43 Jeff Chan wrote:
Please see the topic of the original message. Such a BL has
already been created by Rick Wesson of ar.com.
I've read it, but it didn't say how reliable that BL is. Does it 100%
cover all new domains world wide, or just for some? Is it directly
On 6/23/06, Michael Monnerie [EMAIL PROTECTED] wrote:
A check for new domains would be good implemented in the MTA directly,
so postfix could temporary reject delivery until the domain is at least
6 days old. OK, it would offend real people - but waiting 5 days for a
new company shouldn't be too
On Freitag, 23. Juni 2006 20:55 Noel Jones wrote:
add to your other rbl restrictions in postfix:
reject_rhsbl_sender dob.sibl.support-intelligence.net
Yes, but it can of course only check the sender (MAIL FROM) of the
e-mail. This can be forged to be anything, and then within the mail is
At 02:15 PM 6/23/2006, Michael Monnerie wrote:
You can use the rbl_reply_maps feature to tell
postfix to 454 defer
this mail rather than 554 reject it. See docs or
postfix-users list
for details.
OK, I X-post now to postfix-users, because this part
belongs there.
When I use
From: Jeff Chan [EMAIL PROTECTED]
On Friday, June 23, 2006, 5:31:04 AM, Michael Monnerie wrote:
On Freitag, 23. Juni 2006 14:10 Jeff Chan wrote:
http://www.bobparsons.com/DomainKiting.html
Very interesting page, I wasn't aware of Domain Kiting yet.
A check for new domains would be good
On Samstag, 24. Juni 2006 02:31 jdow wrote:
Create business plan.
Acquire domains.
Acquire machines, install software, setup website, yatta and yatta.
# Bingo - five days are long gone before you:
Turn on sendmail.
Yes, that could be the good thing, but there might be people quicker
than
: Re: [dns-operations] negative caching of throwaway spam domains
Date: Thu, 22 Jun 2006 09:39:24 -0700
From: Rick Wesson [EMAIL PROTECTED]
I've created a DNSRBL called day-old-bread (ok you think of a good name
for it) that contains a running list of domains registered in the last 5
days
A
Pacific.Net
Hi Ken,
I was corresponding with Rick about how to test this and was
going to suggest the developers add a test rule.
Jeff C.
__
Original Message
Subject: Re: [dns-operations] negative caching of throwaway spam domains
Date: Thu, 22 Jun 2006 09:39:24 -0700
-intelligence.net.')
describeFROM_IN_DOB Domain recently registered
tflags FROM_IN_DOB net
score FROM_IN_DOB 0.1
This has hit a few spams today. ymmv..
Ken A
Pacific.Net
Jeff C.
__
Original Message
Subject: Re: [dns-operations] negative caching
On Thu, 22 Jun 2006, Ken A wrote:
# test for Day Old Bread DNSRBL of recently registered domains.
header FROM_IN_DOB
eval:check_rbl_envfrom('dob','dob.sibl.support-intelligence.net.')
describeFROM_IN_DOB Domain recently registered
tflags FROM_IN_DOB net
score
...
Jeff Chan wrote:
On Thursday, June 22, 2006, 10:35:10 AM, Ken A wrote:
Rick Wesson over at Alice's Registry has a dnsrbl listing recently
registered domains (see below). I thought this might be of interest to
SA users. Anyone used this, or other rbl with similar functions?
Scoring?
23 matches
Mail list logo