On Wed, 2 Jul 2008, Marc Perkel wrote:

John Hardin wrote:
 On Wed, 2 Jul 2008, Marc Perkel wrote:

> Is there an easy way to detect the registrar of a domain through DNS?
> For example - can I easily figure out if an email I'm processing is
> hosted by GoDaddy or Tucows?

 Registrar != hosted by.

> Here's what I'm thinking. I think there's some expensive and highly
> secure registrars out there who are the registrar of expensive domains
> and probably have no spam domains at all. This could be used to create
> white rules.
>
> Can this be done?

 This has been discussed before, at least from the POV of identifying *bad*
 domains, and it sounds like a fairly good idea if someone is willing and
 able to get a realtime ICANN feed of domain/registrar data and create a
 URIBL from it.

Actually I'm not looking for spam friendly registrars. I'm looking for registrars that banks use that are really expensive and spammers never use. This is for white listing - not black listing.

The URIBL-based-on-registrar solution doesn't change, just (1) which registrars you choose to use to populate your URIBL, and (2) the score is negative rather than positive.

The data can be useful in either direction - reputation works both ways.

For example, I noticed that Wells Fargo Bank and Bank of America both use a registrar called markmonitor.com. I'm guessing that this is a highly secure and expensive registrar that only banks and really big customers use. So if the FCrDNS of the sending host resolves to a domain that is registered with markmonitor.com then it's not spam. (Less of course ISPs and Freemail providers)

Does SA support checking the FCrDNS domain of the sending host against a URIBL?

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 [EMAIL PROTECTED]    FALaholic #11174     pgpk -a [EMAIL PROTECTED]
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  Men by their constitutions are naturally divided in to two parties:
  1. Those who fear and distrust the people and wish to draw all
  powers from them into the hands of the higher classes. 2. Those who
  identify themselves with the people, have confidence in them,
  cherish and consider them as the most honest and safe, although not
  the most wise, depository of the public interests.
                                                  -- Thomas Jefferson
-----------------------------------------------------------------------
 2 days until the 232nd anniversary of the Declaration of Independence
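
Added example, not part of either poster's message and not SpamAssassin code: a sketch of the check discussed in this thread, confirming the sending host's name by forward-confirmed reverse DNS and then scoring its registered domain by registrar, with reputation working in both directions. The resolver data, the registrar table, the scores, the exemption list and all function names are constructed assumptions; a real deployment would query DNS and a registrar-keyed URIBL instead.

```python
# Added illustration; every table below is constructed sample data.
PTR = {  # reverse lookups: IP -> PTR names
    "192.0.2.10": ["mail.bank.example."],
    "192.0.2.20": ["mail.bank.example."],   # PTR claims the bank, forward does not agree
    "198.51.100.5": ["pool-5.isp.example."],
    "203.0.113.9": ["mx.shop.example."],
}
A = {  # forward lookups: name -> addresses
    "mail.bank.example": ["192.0.2.10"],
    "pool-5.isp.example": ["198.51.100.5"],
    "mx.shop.example": ["203.0.113.9"],
}
REGISTRAR = {"bank.example": "trusted-registrar",
             "isp.example": "trusted-registrar",
             "shop.example": "bulk-registrar"}
SCORES = {"trusted-registrar": -2.0, "bulk-registrar": 1.5}  # negative = whitelist
EXEMPT = {"isp.example"}  # ISPs and freemail providers get no registrar credit


def fcrdns_name(ip, ptr_lookup, a_lookup):
    """Return the first PTR name whose forward lookup contains ip, else None."""
    for name in ptr_lookup(ip):
        name = name.rstrip(".").lower()
        if ip in a_lookup(name):
            return name
    return None


def registered_domain(host):
    # Assumption: naive last-two-labels split; real code needs the Public Suffix List.
    return ".".join(host.split(".")[-2:])


def registrar_score(ip, ptr_lookup, a_lookup, registrar_of, scores, exempt):
    """Score a sending IP by the registrar of its forward-confirmed domain."""
    host = fcrdns_name(ip, ptr_lookup, a_lookup)
    if host is None:
        return 0.0  # an unconfirmed PTR is attacker-controlled, so it earns nothing
    domain = registered_domain(host)
    if domain in exempt:
        return 0.0
    return scores.get(registrar_of.get(domain, ""), 0.0)


def score(ip):
    """Convenience wrapper over the constructed tables above."""
    return registrar_score(ip, lambda i: PTR.get(i, []), lambda n: A.get(n, []),
                           REGISTRAR, SCORES, EXEMPT)
```

The forward-confirmation step is what keeps the whitelist from being claimed by anyone who controls their own reverse zone.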
