On Tue, May 27, 2014 15:32, Bennett Todd wrote:
> Two thoughts.
>
> I've received legitimate email from a registrar where I was listed as a
> contact for a domain. If no one uses an email address in your domain to
> register, that's not a problem.

I am attempting to be circumspect with respect to this situation. Briefly, I have formed the belief -- based upon evidence of mass changes to the ownership and contact information of domains I reported as providing fraudulent contact information and acting as ephemeral sources of mass UCE mailings -- that the registrar of these domains is directly involved in the underlying SPAM utterances and is not simply incompetent, inefficient, disinterested or simply lazy.

As I say, this is my belief and I do not ask any to share it. However, I am prepared to act upon it in my own interests. Presently I am not in the position to develop my own milter although that may be exactly what I will have to do in the end.

I am seeking some sort of add-in to Postfix that will take the incoming email domain and do a check of some local cache, acting thereafter according to the contents thereof. If the domain is not already tagged then the milter does a whois on the domain and determines the registrar. If the registrar is blacklisted in our configuration then that domain is tagged, cached, the connection dropped and further connections from the same domain are found in the cache and effectively ignored.

Obviously, once the basics for such a milter are in place it is no great stretch to check the registration date and tag those domains as well regardless of registrar.

There seems to me no difficulty having uncached, non-whitelisted, domains given a temporary refusal while the whois lookup takes place, thus allowing reasonably spaced whois lookups. If the whois query is not returned in a timely manner (read blocked) then email from the subject domain is refused on a temporary basis until the information is obtained and a determination made. I am fairly confident that in our circumstance the number of whois queries will be rather small and the great majority of domains checked will prove to be spam sources.

My enquiry here is aimed at establishing whether this is already done and if not then the feasibility of doing it at all. I am aware of the Prefix WhoIs Milter project but that simply provides additional headers. I am looking for something a little more interventionist. Of course, if I have to do this myself then that would be a good place to start.

--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:byrn...@harte-lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
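
The cache-then-whois decision flow described in the message above, sketched as an added example that is not part of the original message or of any existing milter. It returns Postfix access(5)-style actions (`DUNNO`, `DEFER_IF_PERMIT`, `REJECT`) as a policy service would, rather than implementing the milter protocol. The registrar name, domains, function names and the in-memory cache and queue are constructed assumptions.

```python
import re

# Constructed placeholders: these registrar and domain names are not from the message.
BLOCKED_REGISTRARS = {"example bulk registrar llc"}
WHITELIST = {"partner.example"}

# Matches the "Registrar:" line only, not "Registrar URL:" or "Registrar WHOIS Server:".
REGISTRAR_RE = re.compile(r"^[ \t]*Registrar:[ \t]*(.+)$", re.I | re.M)

def parse_registrar(whois_text):
    """Return the normalised registrar name from raw WHOIS text, or None."""
    m = REGISTRAR_RE.search(whois_text or "")
    return m.group(1).strip().lower() if m else None

def record_whois(cache, domain, whois_text):
    """Tag a domain once its WHOIS answer arrives; no usable answer leaves it pending."""
    registrar = parse_registrar(whois_text)
    if registrar is None:
        cache[domain] = "pending"      # timed-out or blocked query: keep deferring
    elif registrar in BLOCKED_REGISTRARS:
        cache[domain] = "blocked"
    else:
        cache[domain] = "ok"
    return cache[domain]

def decide(cache, lookup_queue, sender):
    """Return a Postfix access(5)-style action for one envelope sender."""
    domain = sender.rpartition("@")[2].lower().rstrip(".")
    if not domain or domain in WHITELIST:
        return "DUNNO"
    state = cache.get(domain)
    if state is None:                  # first sighting: queue exactly one lookup
        cache[domain] = state = "pending"
        lookup_queue.append(domain)
    if state == "pending":             # temporary refusal until WHOIS is resolved
        return "DEFER_IF_PERMIT registrar check in progress"
    if state == "blocked":
        return "REJECT sender domain registrar is blocked by local policy"
    return "DUNNO"
```

A separate worker would drain `lookup_queue` at a spaced rate and call `record_whois` with each answer, which gives the paced lookups the message describes.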