Personally I think throw-away domains are out-of-scope. Spf/rmx type
solutions solve one aspect of the spam problem: forged headers, joe
jobs, etc.
Nevertheless detecting throwaway domains will be a big challenge in
an SPF-protected world. The key is the whois information, so:
* How much information can be pulled out of
whois, and how automated can you make that?
+ Date of registry (not that useful - domains can be pre-allocated)
+ Real-world ID of person registering (quite useful)
* Can the whois infrastructure cope with large-scale automated
polling by mail filters?
* Since whois only handles 2nd level domain data can SPF ever
be useful for subdomains?
With regard to whois, or using it to score throw-away domain detection,
I advise against it. That's not what the whois database is designed
for and they simply were not built with the performance considerations
that this would require.
In the present, many registries and registrars already meter and throttle
connections to their whois databases, and going forward port-43 whois
may not even be around in its current form for long, so building reliance
on this will very likely see it pulled from under in the forseeable
future.
* The quality of a registrar might well become a filtering
criterion. Registrars that publish good whois info and
are good at checking ID may earn their users a better spam
filtering score.
From a personal vantage point I do notice a trend for throw-away domains
to coagulate on identifiable groups of nameservers. You can deal with
throw-away domains in two ways: maintain RBLs of known spam domains
for the existing ones, then null route/blackhole the known nameservers
for them and set your MTA's to reject unknown domains.
-mark
--
Mark Jeftovic <markjr(_at_)easydns(_dot_)com>
Co-founder, easyDNS Technologies Inc.
ph. +1-(416)-535-8672 ext 225
fx. +1-(416)-535-0237
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)©#�«Mo\¯HÝÜîU;±¤Ö¤Íµø�?¡