[SURBL-Discuss] newly registered domains

Matthew Wilson matthew at boomer.com
Mon May 9 15:44:14 CEST 2005


Why not integrate a whois date lookup directly into SURBL or URIBL?
Design an encoding system whereby
suspectedspammydomain.spammertld.dr.surbl.org (or uribl.com) would
return the date somehow regex encoded in the IP address.  Then write a
nice SA rule that decodes it, also using regex.  Are there any regex
geniuses out there that could encode a date in an IP address?

-Matthew


> Well this has been brought up before. It is a very good idea, 
> however difficult to implement. Unfortunetly the date 
> returned by a whois querey comes in a wide variety of 
> flavors. We (SARE) thought we had all of the returned date 
> codes figured out. Nope. New ones still keep coming. 
> 
> uribl.com has some ideas on how to attack this very issue, 
> but not sure it is worth it yet. 
> 
> In short, it would be wonderful to start doing whois lookups 
> for every domain in an email. Lots of things could be flagged 
> off of it. Think of a sort of baysien whois DB. But the 
> traffic would be pretty dam big. 
> 
> --Chris
> _______________________________________________
> Discuss mailing list
> Discuss at lists.surbl.org
> http://lists.surbl.org/mailman/listinfo/discuss
> 
> 
> 




More information about the Discuss mailing list