On Mon, Jun 9, 2014 at 9:11 PM, David F. Skoll <d...@roaringpenguin.com> wrote:
> The clever part is that once lots of sites begin using this in their > SA setups, we'll very quickly build up quite an accurate database of > newly-seen domains that's completely independent of any registrar for > a data source. > dnswl.org (and many other DNSxLs) already have some of that data as part of their parsing/handling of DNS logs. For Furthermore, you can ignore all but the first few hundred lookups before you > enter the TXT record in the database; this will make it more expensive > for spammers to poison the data. Or you could not enter a record in the > database until it has been looked up from 100 different IP addresses... I > can think of a few other countermeasures. > > So.... who's volunteering to do this? :) > We had some plans to publish such data. However since it is not really clear what domains to look for, we did not pursue that a lot further. We have at least a "primary domain" for each DNSWL record, but at least historically we were not strict in what type of domain to put there (we like to use the domain name that most closely links the IPs to the administratively responsible owner, which is admittedly somewhat vague). Based on the useage data we gather, we can pretty accurately extract a "last seen" date for a particular domain (or, it's associated IPs to be exact). *But*, again: which domains would be queried for such a list? -- Matthias
