Jonas Eckerman wrote:
(The idea below is not mine, someone else (I'm sorry, but I forgot
who) wrote about it here (I think) before.)
Giampaolo Tomassoni wrote:
brand-new domains,
Something that could work for this without the problems inherent in
using whois or registry databases is to simply check how long ago a
domain was first seen beeing used for sending mail or in URIs in mail.
(People might allready be doing this locally, but doing it centralized
could work better.)
A specialized DNS server could be done for this. It'd work something
like this:
1: It receives a query.
2: It checks in it's database.
3.a, found in database:
* Return result indicating how long ago domain was added.
3.b: not found:
* Adds the domain to the database.
* Return result indicating new domain.
(It might be a good idea to also save last queried time for each
domain (meaning 2.a will need to update the database) in order to be
able to clean out domains that hasn't been seen for a long time.)
In order to be effective, such a DNS list must be used by a lot of
different systems spread all over the world and used by different type
of organizations.
It will also take time time until it can be used in an effective
manner, so enough people would have to be using it for some time with
very low scores just to seed it.
Wouldn't this be reinventing /etc/hosts? I mean, if you list all
domains, you end up with a huge database... or am I missing something?
I could probably throw together a proof-of-concept DNS thingy in perl
for this, but I don't have the hardware to host it for production use,
nor the time to do it properly (perl would probably not be the best
language to do it in).
The best way might be to actually implement this in an existing
DNS-list server, so it could be seeded thorugh queries fopr that list.
If, just as an example, SURBL did this, the list would be seeded by
all systems allready using SURBL lists, and the results could be
included in multi.surbl.org.
(Please not, I have no idea if implementing this in SURBLs DNS system
is feasible in any way (wr to software, hardware, lunch breaks, or
whatever), it was just an example.)
Regards
/Jonas