From: "Jeff Chan" <[EMAIL PROTECTED]>
On Friday, June 23, 2006, 5:31:04 AM, Michael Monnerie wrote:
On Friday, 23 June 2006 14:10 Jeff Chan wrote:
http://www.bobparsons.com/DomainKiting.html
Very interesting page, I wasn't aware of Domain Kiting yet.
A check for new domains would be good implemented in the MTA directly,
so postfix could temporarily reject delivery until the domain is at least
6 days old. OK, it would offend real people - but waiting 5 days for a
new company shouldn't be too problematic, the annoyance will stop
automatically.
That's an interesting idea, but probably impractical because:
1. Getting domain ages from whois is difficult and very
non-uniform between registrars.
2. We probably don't want millions of MTAs doing billions of
whois queries per day or per hour.
3. It requires a program like SpamAssassin to deobfuscate and
extract URIs to be checked.
4. A DNSBL is a reasonably good technology for distributing
these data.
Jeff, it's probably quite good when the lookup is implemented on
spam traps and a small collection of servers. The domain registrars
who are honest might like it. It'd reduce the incentive and value
of domain kiting.
However, doesn't a greylist perform much the same intent - a domain
that has not been heard from before is held off for a second chance
in half an hour to an hour. "Obviously" new domains would trigger
the greylist. If the greylisting is done on a per domain basis it
could be combined with the whois lookup. If the whois lookup did
not provide age data the message is blocked per greylisting. If it
provides age data indicating an old domain it's blocked per greylisting.
If it indicates a new domain it's blocked with a permanent error.
(If the whois source is not trustworthy it's also blocked with a
permanent error.)
{^_^}
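
The combined greylist and whois decision described in the last message, written out as an added example (not code from the thread or from any MTA). The names `WhoisResult` and `DomainPolicy` are hypothetical, the whois lookup itself is assumed to happen elsewhere, and the 6-day and 30-minute values are taken from the figures mentioned in the thread.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, Optional

MIN_DOMAIN_AGE = timedelta(days=6)      # "at least 6 days old" (from the thread)
GREYLIST_DELAY = timedelta(minutes=30)  # "half an hour to an hour" (from the thread)


@dataclass
class WhoisResult:
    """Hypothetical result of a whois lookup done elsewhere."""
    created: Optional[datetime]  # None when the registrar returns no age data
    trusted: bool = True         # False when the whois source is not trustworthy


@dataclass
class DomainPolicy:
    """Per-domain greylist state plus the domain-age rule."""
    first_seen: Dict[str, datetime] = field(default_factory=dict)

    def decide(self, domain: str, whois: WhoisResult, now: datetime) -> str:
        """Return an SMTP-style reply, or "DUNNO" to let the mail continue."""
        domain = domain.lower().rstrip(".")
        # Untrustworthy whois source: permanent error.
        if not whois.trusted:
            return "550 5.7.1 whois source for sender domain is not trusted"
        # Age data present and the domain is new: permanent error.
        if whois.created is not None and now - whois.created < MIN_DOMAIN_AGE:
            return "550 5.7.1 sender domain was registered too recently"
        # No age data, or an old domain: ordinary per-domain greylisting.
        seen = self.first_seen.setdefault(domain, now)
        if now - seen < GREYLIST_DELAY:
            return "450 4.7.1 greylisted, please retry later"
        return "DUNNO"


if __name__ == "__main__":
    # Constructed sample data, not real registrations.
    now = datetime(2006, 6, 23, 12, 0)
    policy = DomainPolicy()
    print(policy.decide("new.example", WhoisResult(now - timedelta(days=2)), now))
    print(policy.decide("old.example", WhoisResult(now - timedelta(days=900)), now))
    print(policy.decide("old.example", WhoisResult(now - timedelta(days=900)),
                        now + timedelta(minutes=45)))
```
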