Telltale whois data (was: Rule for downwards writing spam)

2005-03-10 Thread Kenneth Porter
--On Thursday, March 10, 2005 7:23 AM -0800 List Mail User 
[EMAIL PROTECTED] wrote:

> They mostly use Joker, who has *very* good policies for killing
> domains like this. You should complain and file at wdprs.internic.net.
> They create about a dozen new domains a week, but have been using
> the Amsterdam address for a few months.

It's too bad there's no DNS record in the TLD zones for whois data. It
would be nice to automate that query, but regular whois queries don't
cache/distribute and therefore don't scale like DNS, so automated queries are
generally forbidden.

I wonder if the whois servers could make an exception for the SURBL 
servers? Perhaps by special arrangement with each registry.


Re: Telltale whois data (was: Rule for downwards writing spam)

2005-03-10 Thread List Mail User
...
> --On Thursday, March 10, 2005 7:23 AM -0800 List Mail User
> [EMAIL PROTECTED] wrote:
>
>> They mostly use Joker, who has *very* good policies for killing
>> domains like this. You should complain and file at wdprs.internic.net.
>
>> They create about a dozen new domains a week, but have been using
>> the Amsterdam address for a few months.
>
> It's too bad there's no DNS record in the TLD zones for whois data. It
> would be nice to automate that query, but regular whois queries don't
> cache/distribute and therefore don't scale like DNS, so automated queries are
> generally forbidden.
>
> I wonder if the whois servers could make an exception for the SURBL
> servers? Perhaps by special arrangement with each registry.

There is no DNS, but you can often get the data by directly querying
whois.internic.net or using jwhois (or cribbing its code - I believe it
has a GPL v2 license, but the authors might be willing to give a BSD style
license for the part of interest).  Also, the latest BSD whois is `almost'
as good (and the code is stealable under a standard BSD license - not even
the advertising clause remains).

Paul Shupak
[EMAIL PROTECTED]

P.S.  Today, I got some domains suspended and listed before they even hit
the internic and DNS root caches - you have to learn which spammers use which
registrars and directly query them to get a one day jump.  I really enjoy
seeing the spam arrive and knowing the domains are already on hold or
suspended (and in this case, Spamhaus found them too, so they were SBL'd
before the spam even arrived!).  Also, if you can catch them before they hit
the root cache, you get extra points for getting a bogusmx.rfci listing for
free.

P.P.S. The only configuration option to jwhois that changes its behavior
significantly is whether or not to enable caching.


Re: Telltale whois data (was: Rule for downwards writing spam)

2005-03-10 Thread Kenneth Porter
--On Thursday, March 10, 2005 10:38 AM -0800 List Mail User 
[EMAIL PROTECTED] wrote:

> There is no DNS, but you can often get the data by directly querying
> whois.internic.net

But that's not scalable if every mail server queries the registry's whois
server. It's worse if the mail servers don't cache the result. That's why
it's preferable to have that data in DNS.
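The two points raised in this thread, pulling the telltale fields (registrar, creation date, registrant address) out of a registrar's whois text and caching the result so every mail server is not hammering port 43 for every message, put together as an added example. This is not code from the thread, from jwhois or from the BSD whois client; the whois records, domain names and registrant details below are constructed for the example, the fetch function is injected (in practice it would be a socket to the registrar's whois port or a call out to whois/jwhois), and the fixed "now" of 2005-03-10 is chosen only so the freshness check is reproducible.

```python
"""Parse whois text for the 'telltale' fields, flag freshly created domains,
and cache answers per domain so a mail filter does not re-query the registry.
All records below are constructed; .test domains, no real registrar or person."""
import re
import time
from datetime import datetime, timezone
from typing import Callable, Dict, Optional, Tuple

# Constructed sample records in the usual "Key: Value" layout. Not real data.
SAMPLE_FRESH = """\
Domain Name: example-fresh.test
Registrar: Example Registrar Ltd
Creation Date: 2005-03-09T10:15:00Z
Registrant Street: 1 Example Street
Registrant City: Amsterdam
Registrant Country: NL
Name Server: ns1.example-fresh.test
"""
SAMPLE_OLD = """\
Domain Name: example-old.test
Registrar: Example Registrar Ltd
Creation Date: 1999-04-02
Registrant Street: 10 Other Road
Registrant City: London
Registrant Country: GB
"""
# Fixed clock (assumption, the thread's date) so the freshness check is repeatable.
EXAMPLE_NOW = datetime(2005, 3, 10, 12, 0, tzinfo=timezone.utc)
# Non-greedy key so a value containing ':' (timestamps) is not split.
FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z /_-]*?):\s*(.+?)\s*$")


def parse_whois(text: str) -> Dict[str, str]:
    """Map lower-cased field names to the first value seen for each."""
    fields: Dict[str, str] = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            fields.setdefault(m.group(1).strip().lower(), m.group(2))
    return fields


def creation_date(fields: Dict[str, str]) -> Optional[datetime]:
    """Parse the creation date in a few common layouts; None if absent/unknown."""
    raw = fields.get("creation date") or fields.get("created")
    if not raw:
        return None
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%d", "%d-%b-%Y"):
        try:
            return datetime.strptime(raw, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    return None


def is_fresh(fields: Dict[str, str], now: datetime, max_age_days: int = 3) -> bool:
    """True if created less than max_age_days before now. A missing or
    unparseable date is treated as not fresh rather than guessed."""
    created = creation_date(fields)
    if created is None:
        return False
    return (now - created).days < max_age_days


def registrant_address(fields: Dict[str, str]) -> str:
    """Join the registrant address lines so they can be matched against
    addresses already seen in spam (the 'same Amsterdam address' idea)."""
    keys = ("registrant street", "registrant city", "registrant country")
    return ", ".join(v for v in (fields.get(k, "") for k in keys) if v)


class WhoisCache:
    """Per-domain cache of parsed whois results with a TTL. 'fetch' returns raw
    whois text for a domain; 'clock' is injectable so expiry is testable."""

    def __init__(self, fetch: Callable[[str], str], ttl_seconds: int = 86400,
                 clock: Optional[Callable[[], float]] = None):
        self._fetch, self._ttl = fetch, ttl_seconds
        self._clock = clock or time.time
        self._store: Dict[str, Tuple[float, Dict[str, str]]] = {}

    def lookup(self, domain: str) -> Dict[str, str]:
        key = domain.lower().rstrip(".")       # one entry per canonical name
        now = self._clock()
        hit = self._store.get(key)
        if hit is not None and hit[0] > now:   # still within TTL
            return hit[1]
        fields = parse_whois(self._fetch(key))
        self._store[key] = (now + self._ttl, fields)
        return fields


if __name__ == "__main__":
    for text in (SAMPLE_FRESH, SAMPLE_OLD):
        f = parse_whois(text)
        print(f["domain name"], f["registrar"], registrant_address(f),
              "FRESH" if is_fresh(f, EXAMPLE_NOW) else "established")
```

The cache is the part that answers the scaling objection: one fetch per domain per TTL, keyed on the canonical name, with an injectable fetch so the same code can sit in front of a raw port-43 query or a shell-out to jwhois. Treating an unparseable date as "not fresh" is deliberate; whois output layouts vary by registrar, and a mail filter should not score a message on a date it could not read.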