I have been tracking this for about 2 weeks now myself.

Comparing my list of new domains shows that DOB seems to pick them up after they are 2 days old.

I also tried to compare my list to fresh.spameatingmonkey.net, but none of my domains in the 0-5 days old would get a match for com/net domains. I do get some hits for info and us though. But it's normally com and a few us that are on my lists.

I am currently doing whois lookups for about 30 TLDs, and tracking their time and registrar. I do minimize the lookups.

I am currently seeing about 2 .asia, 2 .uk, and then around 100 .com (all the .com are ENOM) sending email to me, with an age <1 day old. This is pretty consistent day to day.



----

Have you looked into "Day old bread"? http://wiki.apache.org/spamassassin/Rules/URIBL_RHS_DOB

 ...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500
Registered Linux User No: 307357
-----Original Message-----
From: James B. Byrne [mailto:byrn...@harte-lyne.ca]
Sent: Wednesday, May 14, 2014 8:52 AM
To: users@spamassassin.apache.org
Subject: SPAM from a registrar

This AM we received (and are continuing to receive) numerous spam messages from multiple domains that were all registered today (2014-05-14) with a company called enom, inc. This firm is also the registrar for the mail server domain BOSJAW.com that is sending some if not all of the UCEM. That server is hosted in CZ.

It seems likely that this is a planned UCEM campaign designed to use disposable domains, probably registered with stolen credit cards or some other form of fraud, in order to escape blacklisting services. No doubt by tomorrow they will be abandoned.

Is there any test to check how long a domain name has been in existence and set a spam score with that information?

Along the same lines, is there any test to determine the country of origin of the IP address in the last hop before it connects to our servers?

----- End forwarded message -----
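
An added example, not part of the thread or of SpamAssassin: one way to turn the whois tracking described in the first message into an age-based score that covers the roughly 2 days before DOB lists a domain. The field labels, date formats, score values, function names and sample records are constructed assumptions; real registries vary more than this.

```python
import re
from datetime import datetime, timezone

# Creation-date labels differ by registry; this is a constructed subset.
CREATED_PATTERNS = [
    re.compile(r"^\s*Creation Date:\s*(\S+)", re.I | re.M),
    re.compile(r"^\s*created:\s*(\S+)", re.I | re.M),
]
REGISTRAR = re.compile(r"^\s*Registrar:\s*(.+?)\s*$", re.I | re.M)
DATE_FORMATS = ["%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%d"]

def parse_created(whois_text):
    """Return the registration time as an aware UTC datetime, or None."""
    for pat in CREATED_PATTERNS:
        m = pat.search(whois_text)
        if not m:
            continue
        for fmt in DATE_FORMATS:
            try:
                parsed = datetime.strptime(m.group(1), fmt)
                return parsed.replace(tzinfo=timezone.utc)
            except ValueError:
                pass  # try the next known format
    return None

def age_score(whois_text, now):
    """Return (age_days, score, registrar); the score values are assumptions."""
    created = parse_created(whois_text)
    reg = REGISTRAR.search(whois_text)
    registrar = reg.group(1) if reg else None
    if created is None:
        return None, 0.0, registrar   # unknown age: do not penalise
    age_days = max((now - created).total_seconds() / 86400, 0.0)
    if age_days < 2:
        score = 3.0    # younger than the age at which DOB was seen to list
    elif age_days < 5:
        score = 1.5
    else:
        score = 0.0
    return age_days, score, registrar

# Constructed sample whois records (not real domains or registrars).
SAMPLE_COM = """Domain Name: EXAMPLE-NEW.COM
Registrar: EXAMPLE REGISTRAR, INC.
Creation Date: 2014-05-14T03:10:00Z
"""
SAMPLE_OTHER = "domain: example-old.example\ncreated: 2014-05-11\n"
NOW = datetime(2014, 5, 14, 15, 10, tzinfo=timezone.utc)
```

Caching each result per domain keeps the number of whois lookups down, as the first message notes.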
