Ken A wrote:
> Marc Perkel wrote:
>>
>> Ken A wrote:
>>> Marc Perkel wrote:
>>>> I don't know how this will work but I'm building the data now. For
>>>> those of you who are familiar with Day old bread lists to detect
>>>> new domains, as you know there's a lag time in the data and they
>>>> often don't have data from all the registries. So - here's a
>>>> different solution.
>>>>
>>>> What I'm thinking is to accumulate every domain name that interacts
>>>> with my system and store it in a list. Eventually after a week or
>>>> so I should have a good list. Then the idea is to do a lookup to
>>>> see if a new domain is NOT on the list. This will catch all really
>>>> new domains, but will have some false positives. But - if it is
>>>> mixed with other conditionals it might be a good way to detect and
>>>> block spam from or linking to tasting domains.
>>>>
>>>> Thoughts?
>>>>
>>>
>>> How will you keep your list from being easily polluted?
>>>
>>> Ken
>>
>> I'm not sure what you mean. The idea is to detect what's NOT on the
>> list. And also to track new entries for a week or so. I'm just in the
>> data accumulation stage. I only have one day of data. But the idea is
>> to detect new domains.
>>
>
> Never mind. You've since explained that you only plan to add new
> domains to your list if the domains are urls in known spam that you
> detect using other methods. Please don't call it DOB, since it's
> 'unseen' domains you are talking about.
>
> In your initial email, the only condition to be on the list was
> 'interacting with your system', which was very vague.
>
I'd agree, it's not DOB. But I don't think Marc intended you to believe it was exactly DOB. He just wanted you to start there so he could explain his concept better. (This is a common tactic he uses, one which often backfires on him as many people don't read his entire email.)

If you didn't read his post closely, well, that happens, but don't accuse him of calling it DOB. He was clearly doing a compare/contrast between the two, not equating them.

In general it seems more like a large-scale version of the "seen" database generated by most greylist systems. It may have some DOB-like behaviors, but it's not going to exactly be like a DOB system.

That said, in some ways, non-listing in this system could be used for some of the applications that DOB is used for.

Personally, I might use a list like this to enforce longer greylist durations in my milter-greylist config, and add smallish scores to messages (~0.5) in SA and see how it proves out long-term.
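
A sketch of the "unseen domain" lookup discussed in this thread, added here as an illustration; it is not code from any of the posters, SpamAssassin or milter-greylist. The class and function names, the two 7-day windows and the choice to look only at URL host names are assumptions.

```python
import re
from datetime import datetime, timedelta

WARMUP = timedelta(days=7)      # assumed: "after a week or so I should have a good list"
NEW_WINDOW = timedelta(days=7)  # assumed: "track new entries for a week or so"
UNSEEN_SCORE = 0.5              # small additive score, as suggested in the reply

_URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)


def url_domains(body):
    """Lower-cased host names of the http(s) URLs in a message body."""
    return {h.rstrip(".").lower() for h in _URL_HOST.findall(body)}


class SeenDomains:
    """Hypothetical 'seen' list: domain -> time first observed."""

    def __init__(self, started):
        self.started = started
        self.first_seen = {}

    def observe(self, domain, now):
        """Record the domain and return True if it counts as new at `now`."""
        if now - self.started < WARMUP:
            # Still accumulating: everything would look new, so record it
            # as baseline (None) and flag nothing.
            self.first_seen.setdefault(domain, None)
            return False
        first = self.first_seen.setdefault(domain, now)
        # First sight starts the clock; it does not clear the domain at once.
        return first is not None and now - first < NEW_WINDOW


def score_message(seen, body, now, other_score=0.0):
    """Add UNSEEN_SCORE to the other checks' score if any URL domain is new."""
    new = sorted(d for d in url_domains(body) if seen.observe(d, now))
    return other_score + (UNSEEN_SCORE if new else 0.0), new


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1)  # constructed sample data below
    seen = SeenDomains(t0)
    score_message(seen, "news at http://example.org/a", t0 + timedelta(days=1))
    print(score_message(seen, "http://example.org/ http://fresh-example.test/x",
                        t0 + timedelta(days=8), other_score=1.0))
```

Because a domain stays "new" for the whole window after its first sighting, a single early contact with the system does not remove it from scoring.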