On Tue, 3 Apr 2007, Dave Pooser wrote: > I'm seeing a bunch of spam using URLs from domains created on the > same day or in the past day or two. I don't know how red.uribl.com > works, but I imagine it missed the same-day stuff because its > automated process needs time to work. Is there a better way to > handle this-- possibly pulling the information from whois during > mail processing? (Although that would be resource-intensive and > would probably run afoul of their prohibition on high-volume > querying, so that's probably a lose.)
The registrar scoring plugin I wrote could probably be pretty easily extended to compare the creation date to now, but you're right, it does abuse the whois system. It tries to minimize that through caching, though. http://www.impsec.org/~jhardin/antispam/registrar_scoring/ -- John Hardin KA7OHZ http://www.impsec.org/~jhardin/ [EMAIL PROTECTED] FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 ----------------------------------------------------------------------- Insofar as the police deter by their presence, they are very, very good. Criminals take great pains not to commit a crime in front of them. -- Jeffrey Snyder ----------------------------------------------------------------------- 10 days until Thomas Jefferson's 264th Birthday
