Quoting "Kevin A. McGrail" <kmcgr...@pccc.com>:
On 6/9/2014 2:24 PM, Patrick Domack wrote:
Quoting "Kevin A. McGrail" <kmcgr...@pccc.com>:
On 6/9/2014 1:23 PM, Patrick Domack wrote:
I have been tracking this for about 2 weeks now myself.
Comparing my list of new domains shows that DOB seems to pick
them up after they are 2 days old.
I also tried to compare my list to fresh.spameatingmonkey.net,
but none of my domains in the 0-5days old would get a match for
com/net domains. I do get some hits for info and us though. But
it's normally com and a few us that are on my lists.
I am currently doing whois lookups for about 30 TLDs, and
tracking their time and registrar. I do minimize the lookups.
I am currently seeing, about 2 .asia, 2 .uk, and then around 100
.com (all the .com are ENOM) sending email to me, with an age
<1day old. This is pretty consistent day to day.
I wonder how we can use DNS, an RBL and distributed lookups to get
the age of domains AND share the information so it's centrally
available...
That could be easily done. Only issue is, if you trust the
distributed lookups to have accurate information.
I suppose we could build in a trust system, where if enough
distributed clients upload the same info, it could be trusted.
This could work out pretty good. Each dns-rbl cluster could run
with their own shared database, and you can cross-publish to other
dns-rbl clusters, and set your own trust rating, depending on how
many copies you get, on if you trust the info, or do your own whois
lookup for the info.
Bad thing is, I wonder how fast these are hammered out, and if the
trust and replication wouldn't matter, due to latency.
Thanks for weighing in. These are all issues we've solved with
other RBLs via rsync of the data and I want to keep the hurdle low
for implementation so you are right about the trust rating, etc.
Well, while rsync works, you need a source, if the source was a feed
from the TLDs themselves, that would work just fine.
The main thing I'm more worried about here is making sure new domains
are noticed. At least I have seen <1day old domains send a lot more
spam than 2-3day old ones.
So the new, unknown domain is going to be more important to look up.
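
The trust rating discussed in this thread (accept a domain's registration date once enough distributed clients upload the same value, otherwise do your own whois lookup), sketched as an added example that is not code from any of the posters. The quorum of 3, the function names, the age buckets and the sample reports are all assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

QUORUM = 3  # assumed: distinct reporters that must agree before a date is trusted


def trusted_creation(reports, quorum=QUORUM):
    """reports: (reporter_id, creation_datetime) pairs for one domain.

    Returns the agreed creation time, or None when no single value reaches quorum.
    """
    latest = {}
    for reporter, created in reports:
        latest[reporter] = created  # one vote per reporter; a repeat overwrites
    tally = Counter(latest.values())
    agreed = [value for value, votes in tally.items() if votes >= quorum]
    # Two conflicting values that both reach quorum are treated as untrusted.
    return agreed[0] if len(agreed) == 1 else None


def classify(reports, now, quorum=QUORUM):
    """Return 'lookup' (do your own whois), 'under-1-day', 'under-5-days' or 'older'."""
    created = trusted_creation(reports, quorum)
    if created is None or created > now:  # no quorum, or a date in the future
        return "lookup"
    age = now - created
    if age < timedelta(days=1):
        return "under-1-day"
    if age < timedelta(days=5):
        return "under-5-days"
    return "older"


# Constructed sample data: reporter ids, domains and timestamps are made up.
NOW = datetime(2014, 6, 9, 18, 0, tzinfo=timezone.utc)
FRESH = NOW - timedelta(hours=7)
AGED = NOW - timedelta(days=3)
SAMPLE = {
    "fresh.example": [("a", FRESH), ("b", FRESH), ("c", FRESH)],
    "stuffed.example": [("a", FRESH), ("a", FRESH), ("a", FRESH)],  # one client, three uploads
    "split.example": [("a", FRESH), ("b", FRESH), ("c", AGED)],  # only two agree
    "aged.example": [("a", AGED), ("b", AGED), ("c", AGED)],
}

if __name__ == "__main__":
    for domain, reports in SAMPLE.items():
        print(domain, classify(reports, NOW))
```

A "lookup" result is the case where the local resolver falls back to its own whois query, which is also what happens for a brand-new domain that no other client has reported yet.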