Blaine Fleming wrote:
John Hardin wrote:
Why is it so flippin' difficult to get a feed of newly-registered
domain names?
Because the TLDs hate giving people access to the data and certainly
won't provide a feed without a bunch of cash involved. Even worse,
all the ccTLDs pretty much refuse to even talk to you about access to
the zones. This is why I started processing all the TLDs I was able
to obtain access to. There is lag but the most it could be is about
24 hours and that assumes they register a new domain immediately after
the TLD dumps the zone.
Honestly, on my system I have less than 0.01% hits against a list of
domains registered in the last five days so I've always considered the
list a failure. However, several others are reporting excellent hit
rates on it. I think it is because the test is so far after
everything else though.
--Blaine
Thanks Blaine,
John, the problem is that even if you have access to the data you have
to compare gigabyts to the previous day so there's a big delay in even
producing the lists. So my experiment is not to figure out how to get
them listed, but detect them from not being listed. I'm also NOT testing
this with SA. I'm using Exim rules and combining it with other sins to
produce an RBL list that those of you using SA can use.
Where I'm getting hits is on spam bots that link to these new domains.
Spambots are easy to detect because they never use the QUIT command to
clost the connection. So if a spambot message links to an "unfamliar"
domain (a domain NOT on my list) then that domain goes into my URIBL
list which I'm going to ship off to the folks at SURBL, which will
trickle down to you all here.
That is the plan - if it works. And it will get the offenders listed
quickly.
