R: URIWhois plugin
-Original Message-
From: Jeff Chan [mailto:[EMAIL PROTECTED]

> In principle, this is a good concept; using domain whois data to spot bad domains can be useful. In practice, it's a really, really, really bad idea since the public whois infrastructure is not designed for this kind of high volume use. If many people did it, it would result in an effective DDOS against whois service, even with caching and delays. Please don't do it.
>
> It's much better to let URI blacklist operators such as SURBL handle these domains in a centralized way and publish the domain data via our four dozen DNS servers, etc.

How do they handle these domains in a centralized way? Do they simply relay a whois request for not-yet-seen domains?

Because in this case they have to tune their whois parsers a bit: dob.sibl.support-intelligence.net, for example, reports both libero.it and tomassoni.biz as being Day One Bread, while they have been around for years...

Giampaolo

> Jeff C.
Re: R: URIWhois plugin
Quoting Giampaolo Tomassoni [EMAIL PROTECTED]:

> How do they handle these domains in a centralized way? Do they simply relay a whois request for not-yet-seen domains?
>
> Because in this case they have to tune their whois parsers a bit: dob.sibl.support-intelligence.net, for example, reports both libero.it and tomassoni.biz as being Day One Bread, while they have been around for years...

Day Old Bread has had some errors before. All of .org was blacklisted for a while, for example. Aside from the occasional errors, it's a useful list in concept since it shows recently registered domains.

However, I was referring to URI blacklists such as SURBL.org, not DOB. SURBL doesn't catch everything, but it catches much, and we seek to catch more.

It's much better if we do the whois and other queries in a centralized way, do a lot of (quick) testing, then distribute the resulting data as a blacklist which everyone can use as relatively efficient DNS queries or rsync files.

Jeff C.