[SURBL-Discuss] newly registered domains
matthew at boomer.com
Mon May 9 15:44:14 CEST 2005
Why not integrate a whois date lookup directly into SURBL or URIBL?
Design an encoding system whereby
suspectedspammydomain.spammertld.dr.surbl.org (or uribl.com) would
return the date somehow regex encoded in the IP address. Then write a
nice SA rule that decodes it, also using regex. Are there any regex
geniuses out there that could encode a date in an IP address?
> Well this has been brought up before. It is a very good idea,
> however difficult to implement. Unfortunetly the date
> returned by a whois querey comes in a wide variety of
> flavors. We (SARE) thought we had all of the returned date
> codes figured out. Nope. New ones still keep coming.
> uribl.com has some ideas on how to attack this very issue,
> but not sure it is worth it yet.
> In short, it would be wonderful to start doing whois lookups
> for every domain in an email. Lots of things could be flagged
> off of it. Think of a sort of baysien whois DB. But the
> traffic would be pretty dam big.
> Discuss mailing list
> Discuss at lists.surbl.org
More information about the Discuss