Going back to the OP of this thread after some thinking: On Thu, Dec 19, 2013 at 4:02 PM, Joe Quinn <[email protected]> wrote:
> We are noticing a lot of spam coming from domains that are less than two > months old. Is there a good way to detect this automatically? > > We've thought about whois, but do not want to get blocked for looking like > we are harvesting information. > At dnswl.org we have quite some historical data, and some information we can derive from that data: * When have we first "seen" an IP address (being queried on our nameservers; data older 12 months is thrown away) * Aggregate the above by DNSWL record (with it's associated domain names) * Edit history by DNSWL record (with it's associated domain names) * Infer domain names from hostnames we have stored for IPs (could be restricted to cases where DNS is forward/reverse consistent) Is there some interest in such a list? What is the expected benefit? How would it be used? What information should be included in the response? How should the response be structured? "Age" in days or weeks? As we would need to dedicate some initial and ongoing resources, we would not want to make the effort without some meaningful feedback :) -- Matthias
