On 6/30/19 11:40 AM, Grant Taylor wrote:
On 6/30/19 12:05 PM, John Hardin wrote:
There's really no infrastructure for it. Somebody would have to hook
into the registrar data feeds to collect it and publish it in a
usable form, and nobody has done so that I am aware of.
Whois Domain Search has some information.
Link - Whois Domain Search
- http://whoisds.com/
They provide an API and an ability to download copies of their database.
I'm downloading their free newly registered domain list. It's only a
list of domains registered in the last day and they have 10 (?) days'
worth available for download.
I wonder if that's the list fresh.fmb.la uses?
A decade ago I wrote a plugin that used whois to try to do this as an
experiment. The big drawback is: actually doing this could easily be
considered abuse of the whois system and could easily get you
blacklisted. This is *not* recommended for production use.
http://www.impsec.org/~jhardin/antispam/registrar_scoring/
This is just for illustration. I *strongly* discourage using this in
anything other than a limited test environment (assuming it even
still works).
Interesting. I'll have to read and assimilate your work. I'm sure
I'll learn many things. Thank you for sharing. :-)
If I were ever to implement something like this, I would NOT blindly
do the Whois query directly for each incoming email. I would query a
local service that cached information (as in committed to disk) and
have that service fetch information about domains that it didn't have
information on.
I might even make such a system periodically check to see if things
like DNS servers had changed and then refresh the cache on demand as
necessary.
I agree that blindly and directly doing a Whois query for each and
every incoming email would cause some people to get upset. Not to
mention the performance and latency implications.
If you had access to the registrar feeds you might be able to write
something that used that data which would not be considered abusive.
I think that's exactly the type of data that Whois Domain Search is
selling, and why they are selling it.
Is there anybody in the SA user community who does have access to the
raw registrar feeds?
I don't. But I think Whois Domain Search offers trial options.
No, I'm not affiliated with Whois Domain Search. I simply download
their free list of domains registered yesterday each day. }:-) Not
that I've actually done anything with that data yet. But that's a
different problem.
With fresh.fmb.la, the raw data is a little less useful unless you want
better resolution than a week at a time. It might be useful for finding
and reporting Bitmain lookalike domains before they get used in spam blasts.
I might find it worth it to sign up for one of their services if I can
use it to offer some useful service such as a DNSBL to others. I'll need
to check their subscriber agreement. Thanks for pointing it out!
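
The local caching service described in the thread (answer per-message lookups from disk, go upstream only for domains not yet seen, refresh periodically), as an added example that is not code from any poster or from SpamAssassin. `DomainAgeCache`, the `fetch` callable standing in for a licensed data source, the 30-day refresh interval and the `.test` domains are all assumptions made for illustration.

```python
import sqlite3
from datetime import date, timedelta

def _norm(domain):
    return domain.strip().lower().rstrip(".")

class DomainAgeCache:
    """Disk-backed cache of domain registration dates (hypothetical helper)."""

    def __init__(self, path, fetch, ttl_days=30):
        self.db = sqlite3.connect(path)
        self.db.execute("CREATE TABLE IF NOT EXISTS domains (name TEXT PRIMARY KEY,"
                        " registered TEXT, checked TEXT NOT NULL)")
        self.fetch = fetch  # assumed callable: domain -> date or None
        self.ttl = timedelta(days=ttl_days)
        self.upstream_calls = 0

    def ingest_daily_list(self, registered, lines, today):
        # Bulk-load one day's newly registered domains; no per-domain queries.
        rows = [(_norm(l), registered.isoformat(), today.isoformat())
                for l in lines if _norm(l)]
        self.db.executemany("INSERT OR REPLACE INTO domains VALUES (?, ?, ?)", rows)
        self.db.commit()

    def age_days(self, domain, today):
        name = _norm(domain)
        row = self.db.execute("SELECT registered, checked FROM domains WHERE name = ?",
                              (name,)).fetchone()
        if row is None or today - date.fromisoformat(row[1]) >= self.ttl:
            # Miss or stale entry: one upstream query, then remember the answer
            # (including "unknown") so later mail does not repeat the query.
            self.upstream_calls += 1
            old = row[0] if row else None
            reg = self.fetch(name)
            row = (reg.isoformat() if reg else old, today.isoformat())
            self.db.execute("INSERT OR REPLACE INTO domains VALUES (?, ?, ?)", (name, *row))
            self.db.commit()
        return None if row[0] is None else (today - date.fromisoformat(row[0])).days

def demo():
    # Constructed data: the .test domains and dates are made up for the example.
    upstream = {"old-example.test": date(2009, 3, 1)}
    cache = DomainAgeCache(":memory:", upstream.get)
    today = date(2019, 6, 30)
    cache.ingest_daily_list(date(2019, 6, 29), ["Fresh-Example.test\n", "\n"], today)
    senders = ["fresh-example.test", "old-example.test", "OLD-example.test.",
               "unknown.test", "unknown.test"]
    return [cache.age_days(s, today) for s in senders], cache.upstream_calls
```

Five sender lookups cost two upstream queries here: the domain from the daily list is answered from disk, and both the old domain and the unknown one are queried once and then served from the cache.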