-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Karl Chen wrote: > Hi, I have the idea that a URI with a domain that was recently > registered would be a good indicator of spam. Has this been > discussed before, and would it be hard to implement? > > Various optimizations are possible over just doing a 'whois' each > time, e.g. caching, creating a global url blocklist (with auto > expiry), etc. Some time ago (woot, over a year? oh my.) I wrote an experimental "DNS Age List" using a custom DNS server in Perl, doing whois searches w/caching, see [1]. However I'm not convinced any more that domain age alone will really be useful; it may make more sense to record the history of domains used, ie to have something like "date first seen", and not [only] "date registered". The two data points combined may be highly effective. Further, going through whois is pretty inefficient, even when using heavy caching. It would be easy for such a service to be DoSed, at least to have the access to the whois servers revoked for inappropriate usage, by just about regular traffic. > For an unrelated project I've been using the following regexp to > parse registration date from whois records: > > /(?:(?:Creation|created|registration|registered) (?:date|on)):\s*(.*)/i Unfortunately this is not enough given the wide variety of whois formats, as can be seen by the list in WhoisProxy.pm in the .tar.gz at [1], and that list is far from complete. I continued with that thing a bit after the blog posting and the list got longer and longer. In a variant I wrote in Java the corresponding properties file has 84 entries (77 if we account for those with identical format), and even then did I encounter new variants each day... - -- Matthias [1] http://matthias.leisi.net/archives/129-New-version-of-Domain-Age-DNS-Server.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFFixPLxbHw2nyi/okRAqnOAKCuff0JXz5pivbKDLQgeT0dYCyeHwCfaH0U 8l4kTBhvbjgNQcCuypasUxw= =gSLw -----END PGP SIGNATURE-----
