Well this has been brought up before. It is a very good idea, however difficult to implement. Unfortunetly the date returned by a whois querey comes in a wide variety of flavors. We (SARE) thought we had all of the returned date codes figured out. Nope. New ones still keep coming.
uribl.com has some ideas on how to attack this very issue, but not sure it is worth it yet.
In short, it would be wonderful to start doing whois lookups for every domain in an email. Lots of things could be flagged off of it. Think of a sort of baysien whois DB. But the traffic would be pretty dam big.
--Chris
Perhaps a centralized system could provide a whois date check, allowing the client side of the implementaion to not need constant updating.
John Delisle, CISA Senior Network Analyst, Network and Security Team Information Systems & Technology Management Dept. Ceridian Canada Ltd 600 - 125 Garry St Winnipeg, MB R3C 3P2 204-975-5909
Chris Santerre csanterre@MerchantsOverseas.com Sent by: discuss-bounces@lists.surbl.org 05/09/2005 08:34 AM Please respond to SURBL Discussion list discuss@lists.surbl.org
To "'SURBL Discussion list'" discuss@lists.surbl.org cc
Subject RE: [SURBL-Discuss] newly registered domains
Well this has been brought up before. It is a very good idea, however difficult to implement. Unfortunetly the date returned by a whois querey comes in a wide variety of flavors. We (SARE) thought we had all of the returned date codes figured out. Nope. New ones still keep coming.
uribl.com has some ideas on how to attack this very issue, but not sure it is worth it yet.
In short, it would be wonderful to start doing whois lookups for every domain in an email. Lots of things could be flagged off of it. Think of a sort of baysien whois DB. But the traffic would be pretty dam big.
--Chris _______________________________________________ Discuss mailing list Discuss@lists.surbl.org http://lists.surbl.org/mailman/listinfo/discuss
-
Chris Santerre -
John_Delisle@ceridian.ca