On Tue, 7 May 2013, Robert Schetterer wrote:
On 07.05.2013 20:15, lcon...@go2france.com wrote:
Nearly all of the .pw domains have their authoritative NS at
dns*.registrar-servers.com.
That registrar and a few others are always at the top of my reports for
NSs of sender domains of spam we reject.
Does anybody score a msg if its sender domain is DNS hosted by
registrar-servers.com or other?
What would that rule look like?
Len
Found some older plugin here for registrars
http://www.impsec.org/~jhardin/antispam/registrar_scoring/
Yes, but: use of that is very likely to be considered abusive by the whois
system, and get your queries blacklisted. That was more exploration of an
idea than something for production use.
For this particular case it would be better to write a DNS plugin that
would do a DNS lookup for the domain nameservers and return that in a
matchable form. Going via the registrar to get the nameservers incurs far
too much overhead.
jhardin@davinci ~ $ dig +short ns FRESHTIMESFOR.PW
dns5.registrar-servers.com.
dns2.registrar-servers.com.
dns3.registrar-servers.com.
dns1.registrar-servers.com.
dns4.registrar-servers.com.
jhardin@davinci ~ $ dig +short ns neathotdealz.pw
dns2.registrar-servers.com.
dns5.registrar-servers.com.
dns1.registrar-servers.com.
dns4.registrar-servers.com.
dns3.registrar-servers.com.
In general I don't think that classifying by DNS server name is a good idea
Alone, no, it isn't. In concert with other things it may be very good. For
example: sender/URI domain in .pw + sender/URI domain DNS provided by
*.registrar-servers.com
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Watch... Wallet... Gun... Knee... -- Denny Crane
-----------------------------------------------------------------------
Tomorrow: the 68th anniversary of VE day
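
The combined test discussed in the thread (domain in .pw plus nameservers under registrar-servers.com), as an added example that is not part of the original message and is not SpamAssassin plugin code. The function names, the `SAMPLE_NS` table and the `example.*` and `lookalike.pw` entries are assumptions made for illustration; the live lookup shells out to the same `dig +short ns` command shown above.

```python
import subprocess

# Values taken from the thread; everything else here is a hypothetical name.
SUSPECT_TLDS = {"pw"}
SUSPECT_NS_SUFFIXES = ("registrar-servers.com",)

# First entry: two of the NS names from the dig output quoted in the thread.
# The remaining entries are constructed test data.
SAMPLE_NS = {
    "freshtimesfor.pw": ["dns5.registrar-servers.com.", "dns2.registrar-servers.com."],
    "example.pw": ["ns1.example.net."],
    "example.com": ["dns1.registrar-servers.com."],
    "lookalike.pw": ["dns1.notregistrar-servers.com."],
}

def normalize(name):
    """Lower-case and drop the trailing root dot so names compare equal."""
    return name.strip().rstrip(".").lower()

def dig_ns(domain, timeout=5):
    """Live lookup with `dig +short ns`; returns [] on any failure (fail open)."""
    try:
        out = subprocess.run(["dig", "+short", "ns", domain], capture_output=True,
                             text=True, timeout=timeout, check=False).stdout
    except (OSError, subprocess.TimeoutExpired):
        return []
    # dig prints diagnostics such as timeouts on lines starting with ';'
    return [l for l in out.splitlines() if l and not l.startswith(";")]

def sample_lookup(domain):
    """Offline stand-in for dig_ns backed by SAMPLE_NS."""
    return SAMPLE_NS.get(domain, [])

def ns_matches(ns_names, suffixes=SUSPECT_NS_SUFFIXES):
    """True if any NS equals a suffix or sits under it on a label boundary."""
    return any(ns == s or ns.endswith("." + s)
               for ns in map(normalize, ns_names) for s in suffixes)

def evaluate(domain, lookup=dig_ns):
    """Return the two individual tests and the combined (meta) result."""
    domain = normalize(domain)
    tld_hit = domain.rsplit(".", 1)[-1] in SUSPECT_TLDS
    ns_hit = ns_matches(lookup(domain))
    return {"tld": tld_hit, "ns": ns_hit, "meta": tld_hit and ns_hit}

if __name__ == "__main__":
    for name in SAMPLE_NS:
        print(name, evaluate(name, sample_lookup))
```

Only the `meta` result corresponds to the combination suggested in the thread; the `ns` result alone also fires for unrelated domains hosted on the same nameservers.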