>From: Chris Santerre [mailto:[EMAIL PROTECTED] > >Hell, I'd love to see it as well. Except this data alone does not make a domain >evil. It just increases the chances that it is evil. And where would you get this >info? How would you feed this list. dailychanges.com? > >Essentially you are looking at a URI greylist for whois date info. Its just too >prone to FPs.
I'd say reverse the viewpoint. IF the name has been in place for quite some time AND it passes one of the checks that show it's not a spoofed email (SPF, DomainKeys, etc), THEN apply a good strong ham score. (Less strong if the domain's recently been updated) The more good ham indicators we can include the better, as FPs are the devil themselves :) [And hopefully if we could add a lot of good, stong ham indicators then the spam indicators might all be able to be scored higher, yielding even better catching as well.] Of course this one's problematic because the TLD providers don't in general provide a quick, efficient network check for this sort of thing. But in general I'd say the more strong ham indicators we find the better. -- John C. Ring, Jr. [EMAIL PROTECTED] Network Engineer Union Switch & Signal Inc. "If men were angels, no government would be necessary. If angels were to govern men, neither external nor internal controls on government would be necessary." -- James Madison
