> -----Messaggio originale----- > Da: Dave Koontz [mailto:[EMAIL PROTECTED] > Inviato: giovedì 27 settembre 2007 0.50 > > If nothing else, you should likely add a disclaimer to your rules as > you > can't control the threshold at which a site may be blocked for > excessive > queries. I doubt that most users on this list have email volumes as > low > as yours (100?), and will go well above the thresholds you've tested. > I > am a what I consider a small site, yet I know I would generate well in > excess of 100,000 queries in 24 hours.
My rate is more or less 500 per day. Most is spam, which comes in more copies (for free!), or regular mail with no URIs, or URIs in signature but "common contacts" (more mails per day with the very same URIs). Thereby yesterday I had to issue only 100 queries over a volume of 500 mails. Today I expect more or less the same volume, but much less queries (I would bet on 40). Giampaolo > > So, what happens with your plugin should a timeout or ban occur? A negative reply is saved in the cache. The negative reply entries expire by default in one day (this can be tweaked), while positive ones in a month (this too can be tweaked). Rules tied to whois queries are not run on a negative reply. Since I'm only interested in the domain's creation date and defined nameservers, positive replies could even last longer. Not too longer, however, to avoid incurring in FPs due to the PARTNSMIS/FULLNSMIS rule, should a domain change its nameservers. Giampaolo > Giampaolo Tomassoni wrote: > > It depends upon how many e-mail you scan. In about 24h I just issued > more or > > less 100 queries to the to several TLDs' whois servers. What is it, > 10 > > queries per TLD? It doesn't seem too much to me... Also note today > I'm > > probably not going to get the same numbers, thanks to caching. > > > > Of course, people scanning 1,000,000 messages a day would probably > get > > banned: it would end in roughly 200,000 queries issued per day (say > 8,000 > > per TLD). > > > >