Marc Perkel wrote:
> Yet Another Ninja wrote:
>> On 7/2/2008 6:05 PM, Marc Perkel wrote:
>>> Is there an easy way to detect the registrar of a domain through DNS?
>>> For example - can I easily figure out if an email I'm processing is
>>> hosted by GoDaddy or Tucows?
>>> Here's what I'm thinking. I think there's some expensive and highly
>>> secure registrars out there who are the registrar of expensive
>>> domains and probably have no spam domains at all. This could be used
>>> to create white rules.
>>> Can this be done?
>>
>> you sure there are major registrars you can whitelist?
>> http://rss.uribl.com/nic/
>> Even EUrid is happily supporting pillz spammers on .eu
>
> Not major registrars, minor ones. There's one called markmonitor.com
> that seems to have clients like banks and major corporations. My guess
> is that this is an extremely expensive registrar where security means
> everything and no one is going to accidentally mess with anything. The
> idea here is that if the registrar is this expensive and restrictive
> then only the good guys will be using them. At least that was what I
> would test if there were a way to test it. Apparently there is not.

Not reliably & securely. Parsing whois data is messy, there's no
standard format, clients are blocked frequently, and data can be quite
stale (dns servers ips are often old). The best you can do is a static
list that is part of an SA rule to add a point or so if you are also
happy with the dns... if you really think it's worth it. DKIM does a
better job with most of these domains anyway, imo.
fwiw, markmonitor 'monitors' 'marks' - they are in the intellectual
property protection business. Too bad ICANN wasn't using them.
http://www.icann.org/en/announcements/announcement-03jul08-en.htm
ooops!
Ken
--
Ken Anderson
Pacific.Net
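
The point made in the last reply, that WHOIS output has no standard format and lookups are often blocked, shown as an added example (not code from anyone in the thread). The function names, the allowlist and the WHOIS replies are constructed for illustration; a reply with no parseable registrar field is reported as unknown and never as trusted.

```python
import re

# Hypothetical static allowlist (normalized names); "markmonitor" is the registrar named in the thread.
TRUSTED_REGISTRARS = {"markmonitor"}

# Registrar field labels vary between WHOIS servers; this pattern is illustrative, not exhaustive.
_LABEL = re.compile(r"^\s*(?:sponsoring\s+)?registrar(?:\s+name)?\s*:\s*(.*)$", re.I)

def extract_registrar(whois_text):
    """Return the raw registrar value, or None when no registrar field is present."""
    lines = whois_text.splitlines()
    for i, line in enumerate(lines):
        m = _LABEL.match(line)
        if not m:
            continue
        value = m.group(1).strip()
        if not value:  # layout that puts the value on the next non-blank line
            value = next((l.strip() for l in lines[i + 1:] if l.strip()), "")
        if value:
            return value
    return None

def normalize(name):
    """Lower-case and drop bracketed tags, punctuation and company suffixes."""
    name = re.sub(r"\[.*?\]|\(.*?\)", " ", name.lower())
    name = re.sub(r"[^a-z0-9 ]", " ", name)
    return " ".join(w for w in name.split() if w not in {"inc", "llc", "ltd", "corp"})

def registrar_verdict(whois_text):
    """'trusted', 'other', or 'unknown'; an unparseable reply is never trusted."""
    raw = extract_registrar(whois_text)
    if raw is None:
        return "unknown"
    return "trusted" if normalize(raw) in TRUSTED_REGISTRARS else "other"

# Constructed WHOIS replies (not real records), one per layout.
SAMPLES = {
    "inline": "   Domain Name: EXAMPLE.COM\n   Registrar: MarkMonitor Inc.\n"
              "   Registrar WHOIS Server: whois.registrar.example\n",
    "sponsoring": "Domain Name: example.org\nSponsoring Registrar: MARKMONITOR, INC. (R0-EXAMPLE)\n",
    "next_line": "Domain name:\n    example.test\n\nRegistrar:\n    Example Registrar Ltd [Tag = EXAMPLE]\n",
    "no_field": "Domain: example.test\nNserver: ns1.example.test\nStatus: connect\n",
    "blocked": "Error: rate limit exceeded, try again later\n",
}

if __name__ == "__main__":
    for label, text in SAMPLES.items():
        print(f"{label:11} {registrar_verdict(text)}")
```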