On Friday, 23 June 2006 14:49 Jeff Chan wrote:
> 1. Getting domain ages from whois is difficult and very
> non-uniform between registrars.
> 2. We probably don't want millions of MTAs doing billions of
> whois queries per day or per hour.

I didn't think of whois, anyway.

> 4. A DNSBL is a reasonably good technology for distributing
> these data.

Yes, some DNSBL. It should be one that contains newly registered domains, within the 5 day test period. This could only be provided by a registrar - could ANY registrar see that info, or only the one who registered a domain, or who is responsible for that TLD?

> 3. It requires a program like SpamAssassin to deobfuscate and
> extract URIs to be checked.

I believe soon the time will come that e-mail checks will change:

1) When new mail arrives, HELO, MAIL FROM, RCPT TO are passed and checked (is already done)
2) If mail passes, accept DATA
3) after DATA, but before the last OK, check URIBLs, and either make 200, or 4xx, or 5xx, depending on the check
4) accept mail
5) check with SA more thoroughly

For point 3), it's important that this is a very lightweight SA, only getting URIs within the mail, and checking against some RBLs. Is it possible with SA in its current form to say "do not apply ANY checks, just get me the list of URIs"? Then with the checks you posted, and a good return code, the MTA could 4xx or 5xx the connection for new domains.

Regards, zmi
-- 
// Michael Monnerie, Ing.BSc  -----  http://it-management.at
// Tel: 0660/4156531  .network.your.ideas.
// PGP Key: "curl -s http://zmi.at/zmi3.asc | gpg --import"
// Fingerprint: 44A3 C1EC B71E C71A B4C2 9AA6 C818 847C 55CB A4EE
// Keyserver: www.keyserver.net  Key-ID: 0x55CBA4EE
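The lightweight step 3) described in the message above, sketched as an added example that is not part of the original message and is not SpamAssassin code: decode the text parts, pull out URI domains, query a DNSBL, and map the result to the SMTP reply given after DATA. The zone name `newdomains.dnsbl.example`, the function names, the two-label domain reduction and the defer-on-resolver-error policy are all assumptions.

```python
import base64, re, socket
from email import message_from_string

ZONE = "newdomains.dnsbl.example"   # hypothetical zone name (assumption)
URI_RE = re.compile(r"https?://([a-z0-9.-]+)", re.I)

def extract_domains(raw_msg):
    """Collect domains from http(s) URIs in every decoded text part."""
    domains = set()
    for part in message_from_string(raw_msg).walk():
        if part.get_content_maintype() != "text":
            continue
        # decode=True undoes base64 / quoted-printable transfer encoding
        body = part.get_payload(decode=True) or b""
        text = body.decode(part.get_content_charset() or "utf-8", "replace")
        for host in URI_RE.findall(text):
            labels = host.lower().strip(".").split(".")
            if len(labels) >= 2 and not labels[-1].isdigit():  # skip IP literals
                domains.add(".".join(labels[-2:]))  # naive: no public-suffix list
    return domains

def dns_lookup(name):
    """True if the name resolves (listed), False on NXDOMAIN; other errors propagate."""
    try:
        socket.gethostbyname(name)
        return True
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return False
        raise

def smtp_verdict(raw_msg, lookup=dns_lookup, listed_code=550):
    """Return (SMTP code, offending domain) for the reply after DATA."""
    try:
        for domain in sorted(extract_domains(raw_msg)):
            if lookup(f"{domain}.{ZONE}"):
                return listed_code, domain
    except OSError:
        return 451, None   # assumed policy: defer when the list is unreachable
    return 250, None

# Constructed sample: the HTML part hides its URI behind base64.
SAMPLE = (
    'MIME-Version: 1.0\r\nContent-Type: multipart/alternative; boundary="b1"\r\n\r\n'
    "--b1\r\nContent-Type: text/plain; charset=utf-8\r\n\r\n"
    "See http://old.example.org/page\r\n"
    "--b1\r\nContent-Type: text/html; charset=utf-8\r\n"
    "Content-Transfer-Encoding: base64\r\n\r\n"
    + base64.b64encode(b'<a href="HTTP://www.Fresh-Domain.example/x">hi</a>').decode()
    + "\r\n--b1--\r\n"
)
```

Passing `listed_code=451` gives the 4xx variant for listed domains; the `lookup` parameter lets the policy be exercised without touching DNS.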