Quoting "David F. Skoll" <d...@roaringpenguin.com>:
On Mon, 09 Jun 2014 15:24:29 -0400
Patrick Domack <patric...@patrickdk.com> wrote:
The point was, I have already done this, and have it in production.
I did this cause this subject keeps coming up from time to time, and
I was personally interested to see the results of it.
Interesting. If you don't mind my asking... how much data do you
collect? How many lookups/day?
I was thinking a system that gets lookups from thousands or more SA
installations would get a pretty good overview of new domains. A local
installation would necessarily see a limited subset.
And I do agree with Rob McEwen on many points. And I would be
hisentant to outright block. But so far, and I doubt much in real
usage, and haven't found any yet, any issues with blocking <1day
outright.
Or even just holding the mail for a day or so and then re-analyzing it.
Yes, I did use a greylisting type method also.
I am distributing it from 5 mailsystems right now. Doing around 10k
new domains added to the db each day.
I guess what would need to be hammered out, is, the exact info wanted.
We know age, and registrar. Though doing the registrar isn't so
simple, as the same for just ENOM changes between tld, and even within
a single tld (likely from the mergers they had).
