Blaine Fleming wrote:
John Hardin wrote:
Why is it so flippin' difficult to get a feed of newly-registered
domain names?
Because the TLDs hate giving people access to the data and certainly
won't provide a feed without a bunch of cash involved. Even worse,
all the ccTLDs pretty much refuse to even talk to you about access to
the zones. This is why I started processing all the TLDs I was able
to obtain access to. There is lag but the most it could be is about
24 hours and that assumes they register a new domain immediately after
the TLD dumps the zone.
Honestly, on my system I have less than 0.01% hits against a list of
domains registered in the last five days so I've always considered the
list a failure. However, several others are reporting excellent hit
rates on it. I think it is because the test is so far after
everything else though
To some extent, I like the concept. But I think the results are going to
be somewhat limited because the sneakiest of spammers often allow their
domains to "age" a bit for the very reason that "age of domain" is a
common metric in the evaluation of domain reputation. Snowshoe spammers
in particular have caught onto this fact in recent years/months.
Therefore, the tendency will be for DOB lists to catch spam that was
already well-caught, such as botnet-sent spams. (matching up with what
Blaine said). Also, Marc is wise to consider combining this with other
metrics because it is not that uncommon for some large and legit
organization to blast out an e-mail to their members discussing some new
web site which uses a domain name just bought a few days ago.
But, as someone else said, such a list might be effective for scoring 1
point, or something like that. I'd be interested in putting such a list
to use in my own spam filtering in such a manner.
--
Rob McEwen
http://dnsbl.invaluement.com/
[EMAIL PROTECTED]
+1 (478) 475-9032
