spf-discuss
[Top] [All Lists]

Re: [spf-discuss] throwaway domains and whois

2008-10-14 06:03:09
On Tue, 14 Oct 2008 08:39:40 +0200 Alessandro Vesely 
<vesely(_at_)tana(_dot_)it> wrote:
Scott Kitterman wrote:
This one isn't free, but maybe something like this would help:

http://www.support-intelligence.com/dob/

Given that Stuart wrote:
Each freshly registered domain has a valid and reasonable SPF record.
All identical - usually "v=spf1 a -all", and all such spam is SPF pass.

SPF-wise, to block domains that are newer than 5 days looks like the 
perfect answer. However, I still don't know why spammers stop using 
domains after a few days. I recall finding that spammers domain had 
been shut down within a few days; however, that was from manual 
lookups so I have no statistically relevant data. Is that due to 
individual providers' initiative, possibly driven by users' 
complaints, or are there some more structured mechanisms that operate 
within those 5 days?

IIRC it's because of payment timing. You can use a domain somehow for up to 
4 days before you pay for it.

Scott K


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com