On Mon, 30 Oct 2006, Chris Santerre wrote: > > A plugin would eliminate that on new domains. > > Hell, I'd love to see it as well. Except this data alone does not > make a domain evil. It just increases the chances that it is evil. > And where would you get this info? How would you feed this list. > dailychanges.com?
No, it wouldn't be a real DNS URIBL, but whois with result caching. > Essentially you are looking at a URI greylist for whois date info. Exactly. > Its just too prone to FPs. I would think a shiny new legitimate domain name would generally only appear in emails among the people setting the domain name services up, and they are all probably mutually whitelisted. But I may be an optimist... -- John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/ [EMAIL PROTECTED] FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 ----------------------------------------------------------------------- ...the Fates notice those who buy chainsaws... -- www.darwinawards.com ----------------------------------------------------------------------- Tomorrow: Halloween
