On Mon, 9 Jun 2014, Rob McEwen wrote:
Domain age is a good metric to factor in. But I'm always fascinated with
some people's desire to block all messages with extremely new domains.
Keep in mind that many large and famous businesses... who have fairly
good mail sending practices... sometimes
Quoting Lucio Chiappetti lu...@lambrate.inaf.it:
On Mon, 9 Jun 2014, Rob McEwen wrote:
Domain age is a good metric to factor in. But I'm always fascinated with
some people's desire to block all messages with extremely new domains.
Keep in mind that many large and famous businesses... who
On 06/10/2014 12:28 PM, Patrick Domack wrote:
Not saying this doesn't happen. But also, how often does someone
register a domain, move all their users to the new domain, have the
server all reconfigured to use this new domain, all within the first day?
I know personally, I have always taken at
Quoting Axb axb.li...@gmail.com:
On 06/10/2014 12:28 PM, Patrick Domack wrote:
Not saying this doesn't happen. But also, how often does someone
register a domain, move all their users to the new domain, have the
server all reconfigured to use this new domain, all within the first day?
I
On 06/10/2014 04:14 PM, Patrick Domack wrote:
Quoting Axb axb.li...@gmail.com:
On 06/10/2014 12:28 PM, Patrick Domack wrote:
Not saying this doesn't happen. But also, how often does someone
register a domain, move all their users to the new domain, have the
server all reconfigured to use
Quoting Axb axb.li...@gmail.com:
On 06/10/2014 04:14 PM, Patrick Domack wrote:
Quoting Axb axb.li...@gmail.com:
On 06/10/2014 12:28 PM, Patrick Domack wrote:
Not saying this doesn't happen. But also, how often does someone
register a domain, move all their users to the new domain, have
On 6/10/2014 10:21 AM, Axb wrote:
All URI BLs I know of (SURBL/URIBL/DBL/Invaluement/etc) check track
domain reputation otherwise they'd be unusable.
Their listings are not blind - they all have their secret sauce to
process before listing a domain.
Absolutely. As Axb and KAM and others
On 6/10/2014 10:34 AM, Patrick Domack wrote:
So, we are unwilling to look into any new ideas cause there might be
an issue? that we haven't scoped or checked into?
Patrick,
I don't think Axe was arguing against this idea.. I think he was arguing
against irrational exuberance by some who may
Quoting Rob McEwen r...@invaluement.com:
On 6/10/2014 10:21 AM, Axb wrote:
All URI BLs I know of (SURBL/URIBL/DBL/Invaluement/etc) check track
domain reputation otherwise they'd be unusable.
Their listings are not blind - they all have their secret sauce to
process before listing a domain.
On 06/10/2014 04:34 PM, Patrick Domack wrote:
Quoting Axb axb.li...@gmail.com:
On 06/10/2014 04:14 PM, Patrick Domack wrote:
Quoting Axb axb.li...@gmail.com:
On 06/10/2014 12:28 PM, Patrick Domack wrote:
Not saying this doesn't happen. But also, how often does someone
register a domain,
On 06/10/2014 05:11 PM, Patrick Domack wrote:
There are all kinds of way to use the infomation. I just don't
understand why people are so against it, cause it's not 100% foolproof.
Nobody is against the idea, problem is scalability and trust.
To make domain age usable, the BLs I mentioned make
Quoting Axb axb.li...@gmail.com:
On 06/10/2014 05:11 PM, Patrick Domack wrote:
There are all kinds of way to use the infomation. I just don't
understand why people are so against it, cause it's not 100% foolproof.
Nobody is against the idea, problem is scalability and trust.
To make domain
On 06/10/2014 06:51 PM, Patrick Domack wrote:
Quoting Axb axb.li...@gmail.com:
On 06/10/2014 05:11 PM, Patrick Domack wrote:
There are all kinds of way to use the infomation. I just don't
understand why people are so against it, cause it's not 100% foolproof.
Nobody is against the idea,
On Mon, 9 Jun 2014 22:44:22 +0200
Matthias Leisi matth...@leisi.net wrote:
I still have an experimental DNS server (written in Perl) lying
around that this more-or-less what is described here. The overall
system would need a bit more thought, though.
Attached is a hacky proof-of-concept
Quoting Axb axb.li...@gmail.com:
On 06/10/2014 06:51 PM, Patrick Domack wrote:
Quoting Axb axb.li...@gmail.com:
On 06/10/2014 05:11 PM, Patrick Domack wrote:
There are all kinds of way to use the infomation. I just don't
understand why people are so against it, cause it's not 100%
On 6/9/2014 2:38 PM, David F. Skoll wrote:
On Mon, 09 Jun 2014 14:24:19 -0400
Patrick Domack patric...@patrickdk.com wrote:
That could be easily done. Only issue is, if you trust the
distributed lookups to have accurate infomation.
I suppose we could build in a trust system, where if enough
On Mon, 9 Jun 2014, Kevin A. McGrail wrote:
So there is merit in building a distributed look-up system using SA.
Distributed lookup of *what*, though? Can you clarify that part of your
idea? Are you referring to distributed whois queries for a domain name, to
determine its age?
--
John
Domain age is a good metric to factor in. But I'm always fascinated with
some people's desire to block all messages with extremely new domains.
(NOT saying that this applies to everyone who posted on this thread!)
Keep in mind that many large and famous businesses... who have fairly
good mail
On Mon, 9 Jun 2014 11:51:21 -0700 (PDT)
John Hardin jhar...@impsec.org wrote:
So there is merit in building a distributed look-up system using SA.
Distributed lookup of *what*, though? Can you clarify that part of
your idea? Are you referring to distributed whois queries for a
domain name,
On 6/9/2014 2:51 PM, John Hardin wrote:
On Mon, 9 Jun 2014, Kevin A. McGrail wrote:
So there is merit in building a distributed look-up system using SA.
Distributed lookup of *what*, though? Can you clarify that part of
your idea? Are you referring to distributed whois queries for a domain
On 6/9/2014 3:02 PM, Rob McEwen wrote:
Domain age is a good metric to factor in. But I'm always fascinated with
some people's desire to block all messages with extremely new domains.
(NOT saying that this applies to everyone who posted on this thread!)
Keep in mind that many large and famous
Quoting David F. Skoll d...@roaringpenguin.com:
On Mon, 9 Jun 2014 11:51:21 -0700 (PDT)
John Hardin jhar...@impsec.org wrote:
So there is merit in building a distributed look-up system using SA.
Distributed lookup of *what*, though? Can you clarify that part of
your idea? Are you
On Mon, 9 Jun 2014, David F. Skoll wrote:
On Mon, 9 Jun 2014 11:51:21 -0700 (PDT)
John Hardin jhar...@impsec.org wrote:
So there is merit in building a distributed look-up system using SA.
Distributed lookup of *what*, though? Can you clarify that part of
your idea? Are you referring to
On Mon, 09 Jun 2014 15:24:29 -0400
Patrick Domack patric...@patrickdk.com wrote:
The point was, I have already done this, and have it in production.
I did this cause this subject keeps coming up from time to time, and
I was personally interested to see the results of it.
Interesting. If you
On 6/9/2014 3:24 PM, Patrick Domack wrote:
The point was, I have already done this, and have it in production. I
did this cause this subject keeps coming up from time to time, and I
was personally interested to see the results of it.
And I do agree with Rob McEwen on many points. And I would
If SEM was able to detect newly registered domains more quickly then that would
solve the problem.
From: John Hardin jhar...@impsec.org
Sent: Monday, June 09, 2014 2:24 PM
To: users@spamassassin.apache.org
Subject: Re: Domain ages (was Re: SPAM from
On Mon, 9 Jun 2014, Kevin A. McGrail wrote:
On 6/9/2014 2:51 PM, John Hardin wrote:
On Mon, 9 Jun 2014, Kevin A. McGrail wrote:
So there is merit in building a distributed look-up system using SA.
Distributed lookup of *what*, though? Can you clarify that part of your
idea? Are you
On 6/9/2014 3:33 PM, John Hardin wrote:
On Mon, 9 Jun 2014, Kevin A. McGrail wrote:
On 6/9/2014 2:51 PM, John Hardin wrote:
On Mon, 9 Jun 2014, Kevin A. McGrail wrote:
So there is merit in building a distributed look-up system using SA.
Distributed lookup of *what*, though? Can you
On 6/9/2014 3:31 PM, David Jones wrote:
If SEM was able to detect newly registered domains more quickly then that would
solve the problem.
That is the crux of the issue, yes. So how do you identify new domains
if the registrars/registries won't give you the data? That's the problem
my idea
On Mon, 9 Jun 2014, David Jones wrote:
If SEM was able to detect newly registered domains more quickly then
that would solve the problem.
Oh, agreed.
The problem is, a registrar feed of registration changes costs a lot, and
this is a free project.
That's why I suggested trying to develop
On 06/09/2014 09:38 PM, Kevin A. McGrail wrote:
That is the crux of the issue, yes. So how do you identify new domains
if the registrars/registries won't give you the data? That's the problem
my idea solves by monitoring newly seen domains with the idea being that
spammers are not going to buy
On Mon, Jun 9, 2014 at 8:43 PM, Kevin A. McGrail kmcgr...@pccc.com wrote:
I think the core issue is that age of domains is a good indicator of spam.
So there is merit in building a distributed look-up system using SA.
I have more ideas than resources, of course...
I repeat my question:
On 6/9/2014 4:25 PM, Matthias Leisi wrote:
On Mon, Jun 9, 2014 at 8:43 PM, Kevin A. McGrail kmcgr...@pccc.com
mailto:kmcgr...@pccc.com wrote:
I think the core issue is that age of domains is a good indicator
of spam. So there is merit in building a distributed look-up
system
On Mon, Jun 9, 2014 at 9:11 PM, David F. Skoll d...@roaringpenguin.com
wrote:
The clever part is that once lots of sites begin using this in their
SA setups, we'll very quickly build up quite an accurate database of
newly-seen domains that's completely independent of any registrar for
a data
Quoting Matthias Leisi matth...@leisi.net:
On Mon, Jun 9, 2014 at 8:43 PM, Kevin A. McGrail kmcgr...@pccc.com wrote:
I think the core issue is that age of domains is a good indicator of spam.
So there is merit in building a distributed look-up system using SA.
I have more ideas than
On 06/09/2014 10:32 PM, Patrick Domack wrote:
Quoting Matthias Leisi matth...@leisi.net:
On Mon, Jun 9, 2014 at 8:43 PM, Kevin A. McGrail kmcgr...@pccc.com
wrote:
I think the core issue is that age of domains is a good indicator of
spam.
So there is merit in building a distributed look-up
On Mon, 9 Jun 2014 22:31:55 +0200
Matthias Leisi matth...@leisi.net wrote:
*But*, again: which domains would be queried for such a list?
I think MAIL FROM domain.
Regards,
David.
On Mon, June 9, 2014 15:35, Patrick Domack wrote:
I guess what would need to be hammered out, is, the exact info wanted.
We know age, and registrar. Though doing the registrar isn't so
simple, as the same for just ENOM changes between tld, and even within
a single tld (likely from the
On Mon, Jun 9, 2014 at 9:11 PM, David F. Skoll d...@roaringpenguin.com
wrote:
The DNS software that serves the zone newdomain.example.net runs
the following pseudo-code when example.org is looked up:
[..]
So who's volunteering to do this? :)
*raises hand*
I still have an experimental
On 06/09/2014 10:43 PM, James B. Byrne wrote:
On Mon, June 9, 2014 15:35, Patrick Domack wrote:
I guess what would need to be hammered out, is, the exact info wanted.
We know age, and registrar. Though doing the registrar isn't so
simple, as the same for just ENOM changes between tld, and
On 06/09/2014 12:29 PM, Kevin A. McGrail wrote:
On 6/9/2014 3:24 PM, Patrick Domack wrote:
The point was, I have already done this, and have it in production. I
did this cause this subject keeps coming up from time to time, and I
was personally interested to see the results of it.
And I do
On Mon, Jun 9, 2014 at 11:31 PM, Richard Doyle lists...@islandnetworks.com
wrote:
A caching whois client (jwhois, for example) can significantly reduce
the volume of queries.
You will need to query potentially hundreds or thousands of domains *per
day* - mostly throw away domains from
Quoting Matthias Leisi matth...@leisi.net:
On Mon, Jun 9, 2014 at 11:31 PM, Richard Doyle lists...@islandnetworks.com
wrote:
A caching whois client (jwhois, for example) can significantly reduce
the volume of queries.
You will need to query potentially hundreds or thousands of domains
On 06/09/2014 02:42 PM, Matthias Leisi wrote:
On Mon, Jun 9, 2014 at 11:31 PM, Richard Doyle
lists...@islandnetworks.com mailto:lists...@islandnetworks.com wrote:
A caching whois client (jwhois, for example) can significantly reduce
the volume of queries.
You will need to query
44 matches
Mail list logo