On 05/15/2014 04:31 PM, James B. Byrne wrote:
On Thu, May 15, 2014 09:08, David Jones wrote:
We use the fresh15.spameatingmonkey.net RBL.
http://spameatingmonkey.com/lists.html
I checked three domain names used by the spam messages received yesterday.
All of the domains were registered yesterday as well. None of them report as
being in any of the fresh lists at spameatingmonkey.com. Nor are they listed
in DOB at support-intelligence.net. I have to wonder how soon after creation
new domains are added to the fresh lists. Over 20% of the coverage period is
already over for fresh.spameatingmonkey.net and I suspect that the domain used
yesterday has already been abandoned. At least we are getting the exact same
messages today from a bunch of different domains all registered with the same
registrar: enom.com.
At this point I would be willing to implement a rule to block all domains
registered with that registrar and be done with it. Is there a spamassassin
whois plug-in that can parse and check the registrar and the domain creation
date?
Unless spameatingmonkey.com pays a LOT for hourly zone diffs they sync
zone data once/day so fresh is +- 24h.
Doing a regular whois lookups on every URL domain in mail will get you
rated very fast and you'll see your queue grow fast.
There are paid services which allow you fast bulk whois lookups.
