Chris Santerre wrote:
> -----Original Message-----
> From: John D. Hardin [mailto:[EMAIL PROTECTED]
> Sent: Monday, October 30, 2006 3:30 PM
> To: Chris Santerre
> Cc: Wolfgang Uhr; users@spamassassin.apache.org
> Subject: RE: Age of a domain name - a new test?
>
>
> On Mon, 30 Oct 2006, Chris Santerre wrote:
>
> > Its also one of the MANY things we look at for URIBL submissions.
>
> Good, but a domain has to be submitted to you for URIBL inclusion
> before you loot at that, no?
Not exactly ;) I can't say anymore.
> A plugin would eliminate that on new domains.
Hell, I'd love to see it as well. Except this data alone does not make a
domain evil. It just increases the chances that it is evil. And where
would you get this info? How would you feed this list. dailychanges.com?
In bulk... if you've got the credibility you should be able to get the
info from the TLD operators. There are people getting this for input to
their reputation systems.
Essentially you are looking at a URI greylist for whois date info. Its
just too prone to FPs.
I ran a whois plugin (which is quite trivial to implement) for over a
year, I don't any more. Unless you've got the data in bulk already it
just isn't worth the time to get the info as there are usually far more
efficient ways that are less FP prone to catch the spam.
Daryl
