Re: R: New domains (was: URIWhois plugin)

--On Thursday, September 27, 2007 7:05 PM +0200 Giampaolo Tomassoni [EMAIL PROTECTED] wrote: The only problem is that a spammer could query it days before it will bulk send, thereby impairing the effectiveness of such approach. I think we need some official data like the domain's creation

Re: R: New domains (was: URIWhois plugin)

Quoting Kenneth Porter [EMAIL PROTECTED]: --On Thursday, September 27, 2007 7:05 PM +0200 Giampaolo Tomassoni [EMAIL PROTECTED] wrote: The only problem is that a spammer could query it days before it will bulk send, thereby impairing the effectiveness of such approach. I think we need

New domains (was: URIWhois plugin)

(The idea below is not mine, someone else (I'm sorry, but I forgot who) wrote about it here (I think) before.) Giampaolo Tomassoni wrote: brand-new domains, Something that could work for this without the problems inherent in using whois or registry databases is to simply check how long

R: New domains (was: URIWhois plugin)

-Messaggio originale- Da: Jonas Eckerman [mailto:[EMAIL PROTECTED] Inviato: giovedì 27 settembre 2007 18.17 A: users@spamassassin.apache.org Oggetto: New domains (was: URIWhois plugin) (The idea below is not mine, someone else (I'm sorry, but I forgot who) wrote about it here (I

Re: New domains (was: URIWhois plugin)

Quoting Jonas Eckerman [EMAIL PROTECTED]: (The idea below is not mine, someone else (I'm sorry, but I forgot who) wrote about it here (I think) before.) Giampaolo Tomassoni wrote: brand-new domains, Something that could work for this without the problems inherent in using whois or

Re: New domains (was: URIWhois plugin)

2. As mentioned above the whois data is sometimes populated *after* the domains start appearing in spams. Remember that the whois data is still mostly batch processed once or twice a day. Many of the TLD zone files (where the DNS delegations actually come from) are updated in near real

Re: URIWhois plugin

Quoting Giampaolo Tomassoni [EMAIL PROTECTED]: Dears, well, I just did version 0.01 of the URIWhois plugin. Its purpose is mainly to detect some spam containing URIs to sites in brand-new domains, or having some conflict in whois and dns records, or being driven by specific dns servers

Re: URIWhois plugin

Jeff Chan wrote: In principle, this is a good concept; using domain whois data to spot bad domains can be useful. In practice, it's a really, really, really bad idea since the public whois infrastructure is not designed for this kind of high volume use. If many people did it, it would

R: URIWhois plugin

-Messaggio originale- Da: Jeff Chan [mailto:[EMAIL PROTECTED] In principle, this is a good concept; using domain whois data to spot bad domains can be useful. In practice, it's a really, really, really bad idea since the public whois infrastructure is not designed for this kind

Re: R: URIWhois plugin

Quoting Giampaolo Tomassoni [EMAIL PROTECTED]: How do they handle these domains in a centralized way? Do they simply relay a whois request for not-yet-seen domains? Because in this case they have to tune their whois parsers a bit: dob.sibl.support-intelligence.net, in example, reports both

URIWhois plugin

Dears, well, I just did version 0.01 of the URIWhois plugin. Its purpose is mainly to detect some spam containing URIs to sites in brand-new domains, or having some conflict in whois and dns records, or being driven by specific dns servers. So, it is meant to do something I believe someone else