Re: Domain ages (was Re: SPAM from a registrar)

Tue, 10 Jun 2014 11:16:02 -0700 

On 06/10/2014 06:51 PM, Patrick Domack wrote:


Quoting Axb <axb.li...@gmail.com>:


On 06/10/2014 05:11 PM, Patrick Domack wrote:

There are all kinds of way to use the infomation. I just don't
understand why people are so against it, cause it's not 100% foolproof.


Nobody is against the idea, problem is scalability and trust.
To make domain age usable, the BLs I mentioned make use of it as well
as many other daata points to gain trust that a listing won' tbite the
globe, as well as they can.

Consider certain factors wich *can* contribute to delay in listings
produce a positive hit,for example, mirror lag due to rsync, negative
TTL, etc. as reasosn why you seem to see these domains being listed
after you got the spams.
(If your size/budget permits, datafeeds would probably help a lot)

For a small site doing a few whois lookups/hour it may work, but what
if suddenly an ISP/ASP doing many thousands of msgs/sec would
implement this?


I did consider those factors, and they where not the problem.

I do rsync the data feeds locally, and feeds did not contain the lookups
till hours later.
It wasn't a negative ttl issue, as the ttl is non-existant for these
lookups



When you come up with a couple of such cases, please post them here as 
quickly as you can so BL ops or users lurking here can check their  logs 
and maybe compare results.



I fail to understand why you would be doing thousands of whois lookups
per second. You see that many new domain names per second?
Mostly it's the same domain names over and over again, and a few new
ones per day.


You do lookups on URIS in your mailflow right? so you do it for HAM/SPAM


Domains don't expire, moved around, and updated a lot, and even if it
did, that isn't really much a concern. To cache this infomation for
atleast 3 years, would be fine, likely even longer.



Check & keep track of daily changes and you'll be surprised how often 
stuff gets moved around.



Also, the point of having a central body do this, would cause the cached
results to be even better, and less lookups needed.

if found...ok. if not found negative TTL applies and short TTL means 
evne more lookups.



I'm not a huge isp, but I don't seem to be any where near as tiny as you
suggest.


I'm not assuming/suggesting anything


























					Reply via email to