[dns-operations] negative caching of throwaway spam domains

Rick Wesson wessorh at ar.com
Thu Jul 6 21:22:00 UTC 2006

william(at)elan.net wrote:
> I actually not exactly sure what you mean above. But in the same space
> for complex email filtering systems (that don't just do pass/fail), the 
> total domain time of registration of the domain (i.e. creation date from 
> whois) is a good input, i.e. while < 1 day old might be viewed as -2 
> negative score, > 3 years old  might be viewed as +2 positive input score.
> DNS zone parsing is not a good parameter for this, but as I mentioned on
> nanog long ago internic whois is (although its not really designed for
> high-rate tests with caching it works).

we aren't talk to the whois, we watch to see what is registered each day 
and compile a list from that which is published via dnsrbl.


More information about the dns-operations mailing list