On Sun, 30 Jun 2019, Grant Taylor wrote:
On 6/30/19 12:05 PM, John Hardin wrote:
There's really no infrastructure for it. Somebody would have to hook into
the registrar data feeds to collect it and publish it in a usable form, and
nobody has done so that I am aware of.
Whois Domain Search has some information.
Link - Whois Domain Search
- http://whoisds.com/
They provide an API and an ability to download copies of their database.
I'm downloading their free newly registered domain list. It's only a list of
domains registered in the last day and they have 10 (?) days worth available
for download.
A decade ago I wrote a plugin that used whois to try to do this as an
experiment. The big drawback is: actually doing this could easily be
considered abuse of the whois system and could easily get you blacklisted.
This is *not* recommended for production use.
http://www.impsec.org/~jhardin/antispam/registrar_scoring/
This is just for illustration. I *strongly* discourage using this in
anything other than a limited test environment (assuming it even still
works).
Interesting. I'll have to read and assimilate your work. I'm sure I'll
learn many things. Thank you for sharing. :-)
If I were ever to implement something like this, I would NOT blindly do the
Whois query directly for each incoming email. I would query a local service
that cached information (as in committed to disk) and have that service fetch
information about domains that it didn't have information on.
Which is what that does.
I might even make such a system periodically check to see if things like DNS
servers had changed and then refresh the cache on demand as necessary.
I don't remember if I implemented cache expiry.
I agree that blindly and directly doing a Whois query for each and every
incoming email would cause some people to get upset. Not to mention the
performance and latency implications.
Well, for each domain not seen [yet|recently].
If you had access to the registrar feeds you might be able to write
something that used that data which would not be considered abusive.
I think that's exactly the type of data that Whois Domain Search is selling,
and why they are selling it.
Right. I neglected to mention above that the data *was* available for $$$,
as I presumed we were discussing this in the context of a free service.
Is there anybody in the SA user community who does have access to the raw
registrar feeds?
I don't. But I think Whois Domain Search offers trial options.
No, I'm not affiliated with Whois Domain Search. I simply download their
free list of domains registered yesterday each day. }:-) Not that I've
actually done anything with that data yet. But that's a different problem.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Are you a mildly tech-literate politico horrified by the level of
ignorance demonstrated by lawmakers gearing up to regulate online
technology they don't even begin to grasp? Cool. Now you have a
tiny glimpse into a day in the life of a gun owner. -- Sean Davis
-----------------------------------------------------------------------
4 days until the 243rd anniversary of the Declaration of Independence
