spf-discuss

Re: [spf-discuss] throwaway domains and whois

2008-10-10 22:15:56
At 01:44 PM 10/10/2008 -0400, Stuart D. Gathman wrote:

> My SPF based reputation system is working really well.
> ... The greylisting
> has dropped that to about 2 per day per user - but growing.
>
> The surviving spammers have evolved.  ...
> Their spam software has a state machine which retries after greylisting,
> just like a real sender.  ... As this new breed of
> spam software gets adopted, the spam that makes it through grows.
>
> Greylisting is like a weak antibiotic.  The survivors become the dominant
> strain and now the whole population is resistant to the treatment.
>
> If you do a whois on these throwaway domains, the registrant is always
> a front company, like "Protected Domain Services" or "Domains by Proxy".
> My idea is to start tracking reputation by domain registrant.
> I would like to reject all mail from the above two registrants, for instance,
> regardless of domain name du jour.  What are the restrictions on using
> whois?  Can I simply script running it for every domain, with a cache
> to remember results?  Or will registrars start blocking me for abuse?
> What is the most efficient way to obtain whois info on a domain?

You might want to check with the folks at dnsstuff.com.  I use their service 
for manual whois queries, but I assume they do the real query in an automated 
fashion.  They probably have an agreement with some registrar.  Instead of 
trying to get an agreement with a registrar, you might work out something with 
dnsstuff.com to relay your queries.

My worry about your proposal is that you might lose mail from legitimate 
senders who happen to use the same "front company".  I think at one time I was 
considering Domains by Proxy, but then my own registrar Domains Made Easy 
offered the privacy service, and I used it.

How about sending a challenge (via SMTP reject) on mail that would otherwise be 
greylisted?  The folks at Stanford have an excellent discussion of the topic in 
their paper on whitelisting.  See the paper by Erikson, et al. at 
http://www.ceas.cc/

-- Dave  
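
An added example, not part of the original message or of either poster's software: a sketch of the cached, rate-limited registrant lookup asked about above, with the registrant treated as a score rather than a reject so that legitimate senders behind a privacy service are not dropped outright. The WHOIS replies are constructed samples, and the fetch callable, class and function names are hypothetical; a real deployment would supply its own fetch (a direct query or a relay service).

```python
import re
import time

# Constructed WHOIS replies (not real registry data); layouts differ by registrar.
SAMPLE_WHOIS = {
    "throwaway-example.test":
        "Domain Name: THROWAWAY-EXAMPLE.TEST\nRegistrant Organization: Domains by Proxy\n",
    "shop-example.test":
        "domain: shop-example.test\nRegistrant:\n    Example Widgets Ltd\n",
}
PROXY_REGISTRANTS = {"domains by proxy", "protected domain services"}  # named in the thread
_FIELD = re.compile(r"^[ \t]*Registrant(?: Organi[sz]ation| Name)?:[ \t]*(.*)$", re.I | re.M)

def parse_registrant(text):
    """Return the lower-cased registrant from WHOIS text, or None if absent."""
    m = _FIELD.search(text)
    if not m:
        return None
    value = m.group(1).strip()
    if not value:  # some servers put the value on the line after "Registrant:"
        following = text[m.end():].lstrip("\r\n").splitlines()
        value = following[0].strip() if following else ""
    return " ".join(value.lower().split()) or None

class RegistrantCache:
    """Cache registrant lookups and space out real queries to stay polite."""
    def __init__(self, fetch, ttl=7 * 86400, min_interval=2.0,
                 clock=time.monotonic, sleep=time.sleep):
        self._fetch, self._ttl, self._min_interval = fetch, ttl, min_interval
        self._clock, self._sleep = clock, sleep
        self._cache, self._last_query = {}, float("-inf")

    def lookup(self, domain):
        domain = domain.lower().rstrip(".")
        hit = self._cache.get(domain)
        if hit and self._clock() - hit[0] < self._ttl:
            return hit[1]
        wait = self._last_query + self._min_interval - self._clock()
        if wait > 0:
            self._sleep(wait)
        self._last_query = self._clock()
        registrant = parse_registrant(self._fetch(domain))
        self._cache[domain] = (self._last_query, registrant)  # negative results cached too
        return registrant

def registrant_penalty(domain, cache):
    """Score, not a verdict: proxy registrants also front legitimate senders."""
    return 1 if cache.lookup(domain) in PROXY_REGISTRANTS else 0
```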



