>... >--On Thursday, March 10, 2005 7:23 AM -0800 List Mail User ><[EMAIL PROTECTED]> wrote: > >> They mostly use Joker, who has *very* good policies for killing >> domains like this. You should complain and file at wdprs.internic.net. >> >> They create about a dozen new domains a week, but have been using >> the Amsterdam address for a few months. > >It's too bad there's no DNS record in the TLD zones for whois data. It >would be nice to automate that query, but regular whois queries don't >cache/distribute and therefore scale like DNS, so automated queries are >generally forbidden. > >I wonder if the whois servers could make an exception for the SURBL >servers? Perhaps by special arrangement with each registry. > There is no DNS, but you can often get the data by directly querying whois.internic.net or using "jwhois" (or cribbing its code - I believe it has a GPL v2 license, but the authors might be willing to give a BSD style license for the part of interest). Also, the latest BSD "whois" is `almost' as good (and the code is "stealable" under a standard BSD license - not even the advertising clause remains).
Paul Shupak [EMAIL PROTECTED] P.S. Today, I got some domains suspended and listed before they even hit the internic and DNS root caches - you have to learn which spammers use which registrars and directly query them to get a one day jump. I really enjoy seeing the spam arrive and knowing the domains are already on "hold" or suspended (and in this case, Spamhaus found them too, so they were SBL'd before the spam even arrived!). Also, if you can catch them before they hit the root cache, you get extra points for getting a bogusmx.rfci listing for "free". P.P.S. The only configuration option to "jwhois" that changes its behavior significantly is whether or not to enable caching.