[SURBL-Discuss] newly registered domains

John_Delisle at ceridian.ca John_Delisle at ceridian.ca
Mon May 9 20:18:51 CEST 2005


Assuming a centralized system was doing this, it could cache the results 
and reduce the lookups/hr.

John Delisle, CISA
Senior Network Analyst, Network and Security Team
Information Systems & Technology Management Dept.
Ceridian Canada Ltd
600 - 125 Garry St
Winnipeg, MB
R3C 3P2
204-975-5909




Chris Santerre <csanterre at MerchantsOverseas.com>
Sent by: discuss-bounces at lists.surbl.org
05/09/2005 09:20 AM
Please respond to: SURBL Discussion list <discuss at lists.surbl.org>
To: "'SURBL Discussion list'" <discuss at lists.surbl.org>
cc:
Subject: RE: [SURBL-Discuss] newly registered domains






Because they don't take too kindly to anyone doing tons of whois lookups an
hour. Trust me ;)

--Chris 

>-----Original Message-----
>From: Matthew Wilson [mailto:matthew at boomer.com]
>Sent: Monday, May 09, 2005 9:44 AM
>To: SURBL Discussion list
>Subject: RE: [SURBL-Discuss] newly registered domains
>
>
>Why not integrate a whois date lookup directly into SURBL or URIBL?
>Design an encoding system whereby
>suspectedspammydomain.spammertld.dr.surbl.org (or uribl.com) would
>return the date somehow regex encoded in the IP address.  Then write a
>nice SA rule that decodes it, also using regex.  Are there any regex
>geniuses out there that could encode a date in an IP address?
>
>-Matthew
>
>
>> Well this has been brought up before. It is a very good idea, 
>> however difficult to implement. Unfortunately the date 
>> returned by a whois query comes in a wide variety of 
>> flavors. We (SARE) thought we had all of the returned date 
>> codes figured out. Nope. New ones still keep coming. 
>> 
>> uribl.com has some ideas on how to attack this very issue, 
>> but not sure it is worth it yet. 
>> 
>> In short, it would be wonderful to start doing whois lookups 
>> for every domain in an email. Lots of things could be flagged 
>> off of it. Think of a sort of Bayesian whois DB. But the 
>> traffic would be pretty damn big. 
>> 
>> --Chris
>> _______________________________________________
>> Discuss mailing list
>> Discuss at lists.surbl.org
>> http://lists.surbl.org/mailman/listinfo/discuss
>> 
>> 
>> 
>
>
_______________________________________________
Discuss mailing list
Discuss at lists.surbl.org
http://lists.surbl.org/mailman/listinfo/discuss
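
The idea discussed in this thread (a registration date returned as an encoded DNSBL-style address, served from a central cache so the whois servers see few lookups), as an added example that is not part of the original messages and not an existing SURBL or URIBL scheme. The 127.(year-1985).month.day layout, the `CachingDateZone` class and the sample whois data are assumptions made for illustration.

```python
# Added illustration: the answer layout, the zone class and the whois stub
# are assumptions, not an existing SURBL/URIBL scheme.
import ipaddress
import time
from datetime import date

BASE_YEAR = 1985  # assumed offset so the year fits in one octet (1985..2240)

def encode_date(d):
    """Pack a registration date into 127.(year-BASE_YEAR).month.day."""
    if not 0 <= d.year - BASE_YEAR <= 255:
        raise ValueError("year outside encodable range")
    return f"127.{d.year - BASE_YEAR}.{d.month}.{d.day}"

def decode_date(answer):
    """Client side: recover the date, rejecting anything that is not a valid encoding."""
    a, yy, mm, dd = ipaddress.IPv4Address(answer).packed
    if a != 127:
        raise ValueError("answer is outside 127.0.0.0/8")
    return date(BASE_YEAR + yy, mm, dd)  # raises ValueError for month 0, day 32, ...

def is_newly_registered(answer, today, max_age_days=7):
    """True when the encoded date is at most max_age_days old (future dates do not match)."""
    age = (today - decode_date(answer)).days
    return 0 <= age <= max_age_days

class CachingDateZone:
    """Central service: one whois lookup per domain per TTL, however many clients ask."""
    def __init__(self, whois_lookup, ttl=86400, clock=time.time):
        self.whois_lookup, self.ttl, self.clock = whois_lookup, ttl, clock
        self.cache = {}            # domain -> (expiry, answer)
        self.upstream_queries = 0  # how many lookups actually reached whois

    def query(self, domain):
        domain = domain.lower().rstrip(".")
        hit = self.cache.get(domain)
        if hit and hit[0] > self.clock():
            return hit[1]
        self.upstream_queries += 1
        created = self.whois_lookup(domain)  # a date, or None if unknown/unparseable
        answer = encode_date(created) if created else None  # None stands in for NXDOMAIN
        self.cache[domain] = (self.clock() + self.ttl, answer)  # negative results cached too
        return answer

# Constructed sample data standing in for parsed whois creation dates.
SAMPLE_WHOIS = {"fresh-example.test": date(2005, 5, 7),
                "old-example.test": date(1999, 1, 1)}
```

Because unparseable whois dates come back as `None` and are cached like any other answer, a domain whose record cannot be read costs one upstream lookup per TTL rather than one per message.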



