Re: Scoring by registrar?

2019-07-01 Thread Grant Taylor
On 7/1/19 4:32 PM, Sean Lynch wrote: I think fast flux came up in reference to a speculation I'd made regarding why the spammers were using their own nameservers rather than Namecheap's. Ah. I don't think it's particularly off-base to refer to rapid registration of new domains as fast flux.

Re: Scoring by registrar?

2019-07-01 Thread Sean Lynch
On 7/1/19 3:13 PM, Grant Taylor wrote: On 7/1/19 6:44 AM, micah anderson wrote: This sounds like Fast Flux How is this fast flux? I thought fast flux was rapidly updating A records on the DNS server (for a given qname) or updating NS records with the registrar for a single given domain.

Re: Scoring by registrar?

2019-07-01 Thread Grant Taylor
On 7/1/19 6:44 AM, micah anderson wrote: This sounds like Fast Flux How is this fast flux? I thought fast flux was rapidly updating A records on the DNS server (for a given qname) or updating NS records with the registrar for a single given domain. It sounds to me like Sean was talking abo

Re: Scoring by registrar?

2019-07-01 Thread Paul Stead
On Mon, 1 Jul 2019 at 16:17, RW wrote: > > On the site they have: > > Query ResponseNameMeaning > domain 127.2.0.2 fresh Domain registered in last 7 days > domain 127.2.0.14 fresh14 Domain registered in last 7-14 days > > there's no mention of the 127.2.0.28 result, b

Re: Scoring by registrar?

2019-07-01 Thread RW
On Mon, 01 Jul 2019 07:45:23 -0700 Sean Lynch wrote: > On July 1, 2019 7:22:58 AM PDT, micah anderson > wrote: > >Sean Lynch writes: > > > >>>Having such a list would be very helpful for dealing with fast > >>>flux. > >> > >> SA already has this. It used fresh.fmb.la to detect domains > >r

Re: Scoring by registrar?

2019-07-01 Thread John Hardin
On Mon, 1 Jul 2019, micah anderson wrote: Grant Taylor writes: As a Namecheap customer, you are making me want to move. That is good, but its also something you should consider, before you block the entire registrar: there are a significant number of non-spamming Namecheap customers that you w

Re: Scoring by registrar?

2019-07-01 Thread Sean Lynch
On July 1, 2019 7:22:58 AM PDT, micah anderson wrote: >Sean Lynch writes: > >>>Having such a list would be very helpful for dealing with fast flux. >> >> SA already has this. It used fresh.fmb.la to detect domains >registered within the past couple of weeks. > >It does? Do I need to enable som

Re: Scoring by registrar?

2019-07-01 Thread micah anderson
Sean Lynch writes: >>Having such a list would be very helpful for dealing with fast flux. > > SA already has this. It used fresh.fmb.la to detect domains registered within > the past couple of weeks. It does? Do I need to enable something to get that? -- micah

Re: Scoring by registrar?

2019-07-01 Thread Sean Lynch
On July 1, 2019 5:44:37 AM PDT, micah anderson wrote: >Grant Taylor writes: > >>> A very large number (nearly all, in fact) of the spams I receive >these >>> days involve domains registered with Namecheap. I've received >hundreds >>> of spams involving .icu domains from what appear to be the

Re: Scoring by registrar?

2019-07-01 Thread micah anderson
Grant Taylor writes: >> A very large number (nearly all, in fact) of the spams I receive these >> days involve domains registered with Namecheap. I've received hundreds >> of spams involving .icu domains from what appear to be the same spammer. >> I also receive a large number of scams imperso

Re: Scoring by registrar?

2019-06-30 Thread Paul Stead
On Mon, 1 Jul 2019 at 06:38, Sean Lynch wrote: > It's pretty useful already. If you're able to get the name of the > registrar from that service, I think it might make a useful spam signal > since some registrars seem to be a lot more popular with spammers than > others. > Not really, essentiall

Re: Scoring by registrar?

2019-06-30 Thread Sean Lynch
On 6/30/19 9:41 PM, Paul Stead wrote: On Sun, 30 Jun 2019 at 19:46, Sean Lynch > wrote: On 6/30/19 11:40 AM, Grant Taylor wrote: > On 6/30/19 12:05 PM, John Hardin wrote: >> There's really no infrastructure for it. Somebody would have to hook >> i

Re: Scoring by registrar?

2019-06-30 Thread Paul Stead
On Sun, 30 Jun 2019 at 19:46, Sean Lynch wrote: > > On 6/30/19 11:40 AM, Grant Taylor wrote: > > On 6/30/19 12:05 PM, John Hardin wrote: > >> There's really no infrastructure for it. Somebody would have to hook > >> into the registrar data feeds to collect it and publish it in a > >> usable form,

Re: Scoring by registrar?

2019-06-30 Thread John Hardin
On Sun, 30 Jun 2019, Sean Lynch wrote: On June 30, 2019 11:20:33 AM PDT, John Hardin wrote: ...and if the same IP address is a regular abuser that never sends any legitimate traffic, tarpit them: http://www.impsec.org/~jhardin/antispam/spammer-firewall I do like the idea of tarpitting s

Re: Scoring by registrar?

2019-06-30 Thread John Hardin
On Sun, 30 Jun 2019, Grant Taylor wrote: On 6/30/19 12:05 PM, John Hardin wrote: There's really no infrastructure for it. Somebody would have to hook into the registrar data feeds to collect it and publish it in a usable form, and nobody has done so that I am aware of. Whois Domain Search ha

Re: Scoring by registrar?

2019-06-30 Thread Sean Lynch
On June 30, 2019 11:20:33 AM PDT, John Hardin wrote: >On Sun, 30 Jun 2019, Grant Taylor wrote: > >> On 6/30/19 10:51 AM, Martin Gregorie wrote: >>> If you don't mind a delay in receiving mail from hosts you've never >seen >>> before, why not implement a greylister? >>> >>> https://en.wikipedia

Re: Scoring by registrar?

2019-06-30 Thread Sean Lynch
On 6/30/19 11:40 AM, Grant Taylor wrote: On 6/30/19 12:05 PM, John Hardin wrote: There's really no infrastructure for it. Somebody would have to hook into the registrar data feeds to collect it and publish it in a usable form, and nobody has done so that I am aware of. Whois Domain Search h

Re: Scoring by registrar?

2019-06-30 Thread Grant Taylor
On 6/30/19 12:05 PM, John Hardin wrote: There's really no infrastructure for it. Somebody would have to hook into the registrar data feeds to collect it and publish it in a usable form, and nobody has done so that I am aware of. Whois Domain Search has some information. Link - Whois Domain Se

Re: Scoring by registrar?

2019-06-30 Thread Sean Lynch
On 6/30/19 11:05 AM, John Hardin wrote: On Sun, 30 Jun 2019, Sean Lynch wrote: A very large number (nearly all, in fact) of the spams I receive these days involve domains registered with Namecheap. I'd like to add a spam score to any message using a domain registered with them. Does such

Re: Scoring by registrar?

2019-06-30 Thread Sean Lynch
On 6/30/19 11:00 AM, Grant Taylor wrote: On 6/30/19 10:08 AM, Sean Lynch wrote: Hi, everyone! I used to run my own mail servers back in the mid '90s and even worked as the postmaster for a regional ISP and worked on mail servers for some large corporations and even a small national ISP as a

Re: Scoring by registrar?

2019-06-30 Thread John Hardin
On Sun, 30 Jun 2019, Grant Taylor wrote: On 6/30/19 10:51 AM, Martin Gregorie wrote: If you don't mind a delay in receiving mail from hosts you've never seen before, why not implement a greylister? https://en.wikipedia.org/wiki/Greylisting I see your GreyListing and raise you NoListing: htt

Re: Scoring by registrar?

2019-06-30 Thread Grant Taylor
On 6/30/19 10:51 AM, Martin Gregorie wrote: If you don't mind a delay in receiving mail from hosts you've never seen before, why not implement a greylister? https://en.wikipedia.org/wiki/Greylisting I see your GreyListing and raise you NoListing: https://en.wikipedia.org/wiki/Nolisting TL;DR

Re: Scoring by registrar?

2019-06-30 Thread John Hardin
On Sun, 30 Jun 2019, Sean Lynch wrote: A very large number (nearly all, in fact) of the spams I receive these days involve domains registered with Namecheap. I'd like to add a spam score to any message using a domain registered with them. Does such functionality already exist in SpamAssassi

Re: Scoring by registrar?

2019-06-30 Thread Grant Taylor
On 6/30/19 10:08 AM, Sean Lynch wrote: Hi, everyone! I used to run my own mail servers back in the mid '90s and even worked as the postmaster for a regional ISP and worked on mail servers for some large corporations and even a small national ISP as a consultant. After a hiatus where I drank the

Re: Scoring by registrar?

2019-06-30 Thread Sean Lynch
On 6/30/19 9:51 AM, Martin Gregorie wrote: On Sun, 2019-06-30 at 09:08 -0700, Sean Lynch wrote: A very large number (nearly all, in fact) of the spams I receive these days involve domains registered with Namecheap. I've received hundreds of spams involving .icu domains from what appear to be t

Re: Scoring by registrar?

2019-06-30 Thread Martin Gregorie
On Sun, 2019-06-30 at 09:08 -0700, Sean Lynch wrote: > A very large number (nearly all, in fact) of the spams I receive > these days involve domains registered with Namecheap. I've received > hundreds of spams involving .icu domains from what appear to be the > same spammer. > Write a local rule th

Scoring by registrar?

2019-06-30 Thread Sean Lynch
Hi, everyone! I used to run my own mail servers back in the mid '90s and even worked as the postmaster for a regional ISP and worked on mail servers for some large corporations and even a small national ISP as a consultant. After a hiatus where I drank the hosted email kool-aid, I'm back to hos