spf-discuss
[Top] [All Lists]

Re: [spf-discuss] throwaway domains and whois

2008-10-10 14:35:33
On Fri, Oct 10, 2008 at 01:44:40PM -0400, Stuart D. Gathman wrote:
I would like to reject all mail from the above two registrants, for instance,
regardless of domain name du jour.  What are the restrictions on using
whois?  Can I simply script running it for every domain, with a cache
to remember results?  Or will reigstrars start blocking me for abuse?
What is the most efficient way to obtain whois info on a domain?

If you run automated whois queries, I believe you will quickly get
blocked. I ran into one registrar who didn't allow me to do more than
something like three whois queries per day per IP. I hit that limit
just doing manual queries!

I don't know of any registrars that offer their whois database for bulk
download.

Have you considered assigning reputation to nameservers? I've thought
about that idea before but haven't yet built anything to try it out.
Some time ago I noticed that a particular breed of spam was coming from
a different domain every time, but the nameserver address was always
the same. Dodgy domains registered with a dodgy registrar would likely
tend to have different nameserver addresses than stable, legitimate
domains. Querying for NS records would not be subject to rate limiting.

Greg Hewgill
http://hewgill.com


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com