[dns-operations] negative caching of throwaway spam domains
wessorh at ar.com
Thu Jul 6 21:22:00 UTC 2006
> I actually not exactly sure what you mean above. But in the same space
> for complex email filtering systems (that don't just do pass/fail), the
> total domain time of registration of the domain (i.e. creation date from
> whois) is a good input, i.e. while < 1 day old might be viewed as -2
> negative score, > 3 years old might be viewed as +2 positive input score.
> DNS zone parsing is not a good parameter for this, but as I mentioned on
> nanog long ago internic whois is (although its not really designed for
> high-rate tests with caching it works).
we aren't talk to the whois, we watch to see what is registered each day
and compile a list from that which is published via dnsrbl.
More information about the dns-operations