[Mimedefang] Enlisting registrars in fighting phishing and other scams

Kelsey Cummings kgc at corp.sonic.net
Wed Aug 22 20:23:18 EDT 2007


On Wed, Aug 22, 2007 at 01:05:00PM -0400, David F. Skoll wrote:
> Jan-Pieter Cornet wrote:
> 
> > Another point is, as someone (RfG) on another mailinglist found out
> > the hard way... if you "whois" every new domain that you see in email,
> > even if you just run "whois" once for every domain, you are likely to
> > hit query threshholds for whois services, and you are blacklisted as
> > an abuser.
> 
> Also, there's a trivial way around this.  Register all your 1000 domains
> on the same day.  Wait a couple of weeks.  Then start using them.
> 
> What you really want to penalize is mail from a domain that has only
> been spotted sending mail recently.  That, however, is very hard
> to measure.

Not if you happen to process a lot of mail yourself or if you either happen
to provide public secondary services for or, perhaps, run your own domain
based blacklist.  Senderbase/Ironport has essentially been doing this for a
while but, so far as I know, hasn't made the data publically available via
a dns lookup.

-- 
Kelsey Cummings - kgc at corp.sonic.net      sonic.net, inc.
System Architect                          2260 Apollo Way
707.522.1000                              Santa Rosa, CA 95407



More information about the MIMEDefang mailing list