On Wed, 2004-12-01 at 14:35, Chris Santerre wrote: > We are seeing an increase in throw away domains being used to reroute > to other domains that will NEVER show up directly in a spam. All in > attempts to get passed SURBL.
I'm going to bring up this idea again, in a slightly different context this time: Perhaps it would be useful to have a SURBL list that is automatically generated daily from the registrars' notifications of domains that have been recently created. This information is available for free download - I'm pretty sure I posted the location here a while ago. The definition of "recently" might require some testing to set properly, perhaps a starting point would be one week. Granted this SURBL would be more subject to FPs than a hand-maintained list, so it should have a correspondingly lower default score. And it wouldn't help too much if spammers don't start using their throwaway domains immediately after registering them. -- John Hardin Internal Systems Administrator (Seattle) CRS Retail Systems, Inc. 3400 188th Street SW, Suite 185 Lynnwood, WA 98037 voice: (425) 672-1304 fax: (425) 672-0192 email: [EMAIL PROTECTED] web: http://www.crsretail.com ----------------------------------------------------------------------- If you smash a computer to bits with a mallet, that appears to count as encryption in the state of Nevada. - CRYPTO-GRAM 12/2001 -----------------------------------------------------------------------
