> -----Messaggio originale----- > Da: Jeff Chan [mailto:[EMAIL PROTECTED] > > In principle, this is a good concept; using domain whois data to spot > bad > domains can be useful. > > In practice, it's a really, really, really bad idea since the public > whois > infrastructure is not designed for this kind of high volume use. If > many > people did it, it would result in an effective DDOS against whois > service, even > with caching and delays. Please don't do it. > > It's much better to let URI blacklist operators such as SURBL handle > these > domains in a centralized way and publish the domain data via our four > dozen DNS > servers, etc.
How do they "handle these domains in a centralized way"? Do they simply relay a whois request for not-yet-seen domains? Because in this case they have to tune their whois parsers a bit: dob.sibl.support-intelligence.net, in example, reports both libero.it and tomassoni.biz as being Day One Bread, while it is years they're around... Giampaolo > > Jeff C.
