On 6/30/19 12:05 PM, John Hardin wrote:
There's really no infrastructure for it. Somebody would have to hook into the registrar data feeds to collect it and publish it in a usable form, and nobody has done so that I am aware of.
Whois Domain Search has some information. Link - Whois Domain Search - http://whoisds.com/
They provide an API and an ability to download copies of their database.
I'm downloading their free newly registered domain list. It's only a list of domains registered in the last day and they have 10 (?) days' worth available for download.
A decade ago I wrote a plugin that used whois to try to do this as an experiment. The big drawback is: actually doing this could easily be considered abuse of the whois system and could easily get you blacklisted. This is *not* recommended for production use.
http://www.impsec.org/~jhardin/antispam/registrar_scoring/
This is just for illustration. I *strongly* discourage using this in anything other than a limited test environment (assuming it even still works).
Interesting. I'll have to read and assimilate your work. I'm sure I'll learn many things. Thank you for sharing. :-)
If I were ever to implement something like this, I would NOT blindly do the Whois query directly for each incoming email. I would query a local service that cached information (as in committed to disk) and have that service fetch information about domains that it didn't have information on.
I might even make such a system periodically check to see if things like DNS servers had changed and then refresh the cache on demand as necessary.
I agree that blindly and directly doing a Whois query for each and every incoming email would cause some people to get upset. Not to mention the performance and latency implications.
If you had access to the registrar feeds you might be able to write something that used that data which would not be considered abusive.
I think that's exactly the type of data that Whois Domain Search is selling, and why they are selling it.
Is there anybody in the SA user community who does have access to the raw registrar feeds?
I don't. But I think Whois Domain Search offers trial options.
No, I'm not affiliated with Whois Domain Search. I simply download their free list of domains registered yesterday each day. }:-) Not that I've actually done anything with that data yet. But that's a different problem.
-- Grant. . . . unix || die
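The caching design described in this message (a local service that commits lookups to disk, fetches only on a miss, and refreshes when a domain's name servers change), as an added sketch that is not code from the thread or from either poster. SQLite, the class name, and the `fetch_info` / `fetch_ns` callables are assumptions standing in for whatever permitted data source and DNS lookup a deployment would use; the sample records are constructed.

```python
import json, sqlite3, time

DAY = 86400

class DomainInfoCache:
    """Disk-backed cache: the mail filter asks this, never the upstream source."""

    def __init__(self, path, fetch_info, fetch_ns, ttl=30 * DAY, clock=time.time):
        self.db = sqlite3.connect(path)
        self.db.execute("CREATE TABLE IF NOT EXISTS domains "
                        "(name TEXT PRIMARY KEY, created REAL, ns TEXT, fetched REAL)")
        # fetch_info / fetch_ns are hypothetical callables supplied by the caller
        self.fetch_info, self.fetch_ns, self.ttl, self.clock = fetch_info, fetch_ns, ttl, clock
        self.upstream_queries = 0

    def _refresh(self, name):
        info = self.fetch_info(name)          # the only place upstream is contacted
        self.upstream_queries += 1
        self.db.execute("INSERT OR REPLACE INTO domains VALUES (?, ?, ?, ?)",
                        (name, info["created"], json.dumps(sorted(info["ns"])), self.clock()))
        self.db.commit()                      # committed to disk, survives restarts
        return info["created"]

    def age_days(self, domain):
        name = domain.lower().rstrip(".")     # normalise so variants share one entry
        row = self.db.execute("SELECT created, fetched FROM domains WHERE name = ?",
                              (name,)).fetchone()
        now = self.clock()
        stale = row is None or now - row[1] > self.ttl
        created = self._refresh(name) if stale else row[0]
        return (now - created) / DAY

    def recheck_nameservers(self):
        """Periodic job: refetch only domains whose NS set has changed."""
        changed = []
        for name, ns in self.db.execute("SELECT name, ns FROM domains").fetchall():
            if json.dumps(sorted(self.fetch_ns(name))) != ns:
                self._refresh(name)
                changed.append(name)
        return changed

def demo(path=":memory:"):
    now = 1_700_000_000  # constructed timestamp and records, not real data
    registry = {"new.example": {"created": now - 2 * DAY, "ns": ["ns1.a.example"]},
                "old.example": {"created": now - 4000 * DAY, "ns": ["ns1.b.example"]}}
    cache = DomainInfoCache(path, registry.__getitem__,
                            lambda d: registry[d]["ns"], clock=lambda: now)
    ages = [round(cache.age_days(d)) for d in ("new.example", "NEW.example.", "old.example")]
    registry["old.example"]["ns"] = ["ns9.c.example"]   # simulate a delegation change
    return ages, cache.recheck_nameservers(), cache.upstream_queries
```

`demo()` makes three lookups with only two upstream fetches, then one more fetch when the periodic check sees that `old.example` changed name servers.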