On Sat, Mar 11, 2017, at 16:19, Rich Kulawiec wrote: > On Sat, Mar 11, 2017 at 10:52:21AM +0800, ComKal Networks wrote: > > I have noticed the scrapping of whois and dns records > > appears to have increased dramatically over the past > > 2 years. > > Both of those are poor sources of email addresses, though: the > duplication > across many domains and the frequent use of role accounts means that even > someone with WHOIS data for 100M domains may only have 30M valid > addresses > and half of those may be role accounts. (Real data point pulled from > some info I have on hand: 790876 domains, 309907 unique email addresses, > about 125K of those using obfuscated registration, 3K "hostmaster" or > "postmaster", 4K "admin", so roughly 200K or 25% viable spam targets.) > > I'm not saying they're not doing it: of course they are. I've done > some manipulation of WHOIS and DNS records in order to track it, so > I've got proof in hand. I'm sure others do as well. I'm just saying > that it's not one of the more productive approaches.
In my very limited experiments there is far more WHOIS scraping than DNS SOA scraping. I get very little spam to an address that only exists as a SOA record, far more to the WHOIS contacts, especially after registering a new domain. I suspect ICANN's current process of requiring an address that doesn't bounce makes WHOIS a richer source than it otherwise would be, while SOA records are unlikely to be maintained by less technical users (and are more likely to point to a provider who will simply disregard the crap). _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
