[Mimedefang] Enlisting registrars in fighting phishing and other scams
Kelsey Cummings
kgc at corp.sonic.net
Wed Aug 22 20:23:18 EDT 2007
On Wed, Aug 22, 2007 at 01:05:00PM -0400, David F. Skoll wrote:
> Jan-Pieter Cornet wrote:
>
> > Another point is, as someone (RfG) on another mailinglist found out
> > the hard way... if you "whois" every new domain that you see in email,
> > even if you just run "whois" once for every domain, you are likely to
> > hit query threshholds for whois services, and you are blacklisted as
> > an abuser.
>
> Also, there's a trivial way around this. Register all your 1000 domains
> on the same day. Wait a couple of weeks. Then start using them.
>
> What you really want to penalize is mail from a domain that has only
> been spotted sending mail recently. That, however, is very hard
> to measure.
Not if you happen to process a lot of mail yourself or if you either happen
to provide public secondary services for or, perhaps, run your own domain
based blacklist. Senderbase/Ironport has essentially been doing this for a
while but, so far as I know, hasn't made the data publically available via
a dns lookup.
--
Kelsey Cummings - kgc at corp.sonic.net sonic.net, inc.
System Architect 2260 Apollo Way
707.522.1000 Santa Rosa, CA 95407
More information about the MIMEDefang
mailing list