[SURBL-Discuss] Start an IP list to block?

Ryan Thompson ryan at sasknow.com
Thu Sep 9 23:56:19 CEST 2004

Jeff Chan wrote to SURBL Discussion list and Spamassassin-Talk (E-mail):

> .com is so large and rapidly changing as to be practically
> unknowable.  That's what I mean by "can't".

IIRC, .com is up to about 25M domains, and it's way, way higher than the
other gTLDs (and light years beyond ccTLDs).

> By the time you have all of .com fully cataloged, it will have
> changed significantly.

25M queries isn't that hard, and it can be trivially distributed to make
for a more responsive system. Even 250M isn't out of reach.

As I mentioned, the base problem has already been solved by whois.sc,
and probably others. We just need to adapt it to be useful in fighting

Oh, and, we can *also* use this data to safely determine domain age for
newly registered domains. Since the most spammy domains are less than a
week old, we'll start to have useful information for *that* within about
a week. :-)

> Really the only ones who could collectively determine how spammy a
> particular virtual host IP is are the domain registrars working
> together and pooling all their registration data then resolving every
> hostname and building a database of all the resolved IPs mapped back
> into all of their domain names.

That's *exactly* what I'm suggesting, and the registrars already pool
their data. They're called TLD zone files, and (almost) anyone can
download them.

> If you can't see all the good guy domains on a virtual hosting
> IP, then you can't see who else you would block.

We *can*, Jeff. We can. That was the whole point of my message.

- Ryan

   Ryan Thompson <ryan at sasknow.com>

   SaskNow Technologies - http://www.sasknow.com
   901-1st Avenue North - Saskatoon, SK - S7K 1Y4

         Tel: 306-664-3600   Fax: 306-244-7037   Saskatoon
   Toll-Free: 877-727-5669     (877-SASKNOW)     North America

More information about the Discuss mailing list