On 6/30/19 11:05 AM, John Hardin wrote:
On Sun, 30 Jun 2019, Sean Lynch wrote:
A very large number (nearly all, in fact) of the spams I receive
these days involve domains registered with Namecheap.
I'd like to add a spam score to any message using a domain registered
with them.
Does such functionality already exist in SpamAssassin? Is there an
RHSBL or some other simple mechanism I could use to look up the
registrar for a domain?
There's really no infrastructure for it. Somebody would have to hook
into the registrar data feeds to collect it and publish it in a usable
form, and nobody has done so that I am aware of.
A decade ago I wrote a plugin that used whois to try to do this as an
experiment. The big drawback is: actually doing this could easily be
considered abuse of the whois system and could easily get you
blacklisted. This is *not* recommended for production use.
http://www.impsec.org/~jhardin/antispam/registrar_scoring/
This is just for illustration. I *strongly* discourage using this in
anything other than a limited test environment (assuming it even still
works).
I've been wary of just querying whois for precisely this reason. Maybe
rate-limited queries along with greylisting to give time to do the lookup?
If you had access to the registrar feeds you might be able to write
something that used that data which would not be considered abusive.
Is there anybody in the SA user community who does have access to the
raw registrar feeds?
This would be lovely. Turning it into a DNS-based service would be even
better!
Thanks for the response!
