[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

blacklisting throwaway domains, was Re: [Asrg] Re: 6 - Yahoo Domain Keys

To: millenix at zemos.net
Subject: blacklisting throwaway domains, was Re: [Asrg] Re: 6 - Yahoo Domain Keys
From: Tony Finch <dot at dotat.at>
Date: Thu, 20 May 2004 14:26:48 +0100
Cc: asrg at ietf.org
In-reply-to: <40ABEA25.5060901@zemos.net>
List-archive: <https://www1.ietf.org/mail-archive/working-groups/asrg/>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
References: <40AAB82D.3090004@solidmatrix.com> <GPEMJLCHICHEGPOKJHHDCELEHPAA.asrg@rebel.com.au> <16555.56412.585254.961521@world.std.com> <16555.56412.585254.961521@world.std.com>
Sender: asrg-admin at ietf.org

Philip Miller <millenix at zemos.net> wrote:
>
>> As far as I can tell spammers have now become domain registries and
>> just generate random-appearing, generated domains like www.fxbrezd.com
>> (or, more often, .info or .somecountryyoudon'twanttoknowmoreabout.)
>
>These types of things could potentially be blacklisted. Has anyone created a 
>functioning BL of domain registrars, rather than domains?

It's easier to blacklist nameservers than registrars -- working out a
domain's name servers is much simpler than getting to grips with whois.
You need the right kind of blacklist for this purpose, because it must
target nameservers that are only used for spam domains. Fortunately
such a blacklist already exists: the SBL. SpamAssassin 3.0 includes
a module that checks the nameservers of any URL in the message against
the SBL, and this has proved to be very effective. The same technique
should work well against the nameservers of domains in email addresses.

Tony.
-- 
f.a.n.finch  <dot at dotat.at>  http://dotat.at/
THE MULL OF GALLOWAY TO MULL OF KINTYRE INCLUDING THE FIRTH OF CLYDE AND THE
NORTH CHANNEL: WEST 3 OR 4 VEERING NORTHWEST 4 OR 5. VARIABLE CLOUD AMOUNTS,
RISK LIGHT SHOWER. MAINLY GOOD. SLIGHT TO MODERATE BECOMING MODERATE.

_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

References:
- [Asrg] [Fwd: Yahoo! Mail Publishes Specification for DomainKeys]
  - From: Yakov Shafranovich
- [Asrg] 6 - Yahoo Domain Keys
  - From: Chris
- Re: [Asrg] 6 - Yahoo Domain Keys
  - From: Barry Shein
- [Asrg] Re: 6 - Yahoo Domain Keys
  - From: Philip Miller

Prev by Date: Re: [Asrg] Spam and IPv6
Next by Date: Re: [Asrg] Re: Spam send/receive ratio
Previous by thread: Re: [Asrg] Re: 6 - Yahoo Domain Keys
Next by thread: Re: [Asrg] 6 - Yahoo Domain Keys
Index(es):
- Date
- Thread