Quoting Matthias Leisi <matth...@leisi.net>:
On Mon, Jun 9, 2014 at 11:31 PM, Richard Doyle <lists...@islandnetworks.com>
wrote:
A caching whois client (jwhois, for example) can significantly reduce
the volume of queries.
You will need to query potentially hundreds or thousands of domains *per
day* - mostly throw away domains from spammers.
1) What are the typical rate limits on public whois servers?
2) How to protect against attackers sending random non-existant domain
names your way, thus ensuring you hit rate limites early?
3) How to parse the myriads of formats sent by whois servers?
4) How do you handle TLDs which do not publish registration dates, like eg
.de? (At least they did not last time I checked.)
Whois is not a feasible data source.
-- Matthias
1) I dunno, but I am doing around 15k lookups a day, from a single ip,
without getting limited/blocked
2) This is hard, and I don't know, currently the postfix reject
unknown sender helps solve this for me, but won't for dns based lookups
3) This, while annoying, is solved in my code, not too hard
4) These I just don't bother doing lookups for, there is no solution,
other than to let them bypass this system, or rate them via seen
before method.
