Detecting the Registrar of the sending host? - SpamAssassin

This is a discussion on Detecting the Registrar of the sending host? - SpamAssassin ; Is there an easy way to detect the registrar of a domain through DNS? For example - can I easilly figure out if an email I'm processing is hosted by GoDaddy or Tucows? Here's what I'm thinking. I think there's ...

+ Reply to Thread
Page 1 of 2 1 2 LastLast
Results 1 to 20 of 25

Thread: Detecting the Registrar of the sending host?

  1. Detecting the Registrar of the sending host?

    Is there an easy way to detect the registrar of a domain through DNS?
    For example - can I easilly figure out if an email I'm processing is
    hosted by GoDaddy or Tucows?

    Here's what I'm thinking. I think there's some expensive and highly
    secure registrars out there who are the registrar of expensive domains
    and probably have no spam domains at all. This could be used to create
    white rules.

    Can this be done?


  2. Re: Detecting the Registrar of the sending host?

    On Wed, 2 Jul 2008, Marc Perkel wrote:

    > Is there an easy way to detect the registrar of a domain through DNS? For
    > example - can I easilly figure out if an email I'm processing is hosted by
    > GoDaddy or Tucows?


    Registrar != hosted by.

    > Here's what I'm thinking. I think there's some expensive and highly secure
    > registrars out there who are the registrar of expensive domains and probably
    > have no spam domains at all. This could be used to create white rules.
    >
    > Can this be done?


    This has been discussed before, at least from the POV of identifying *bad*
    domains, and it sounds like a fairly good idea if someone is willing and
    able to get a realtime ICANN feed of domain/registrar data and create a
    URIBL from it.

    There's also the problem of determining which registrars are "spam
    friendly". Here might be a good start:

    http://www.knujon.com/registrars/

    I wrote a plugin that does this check against whois, but that's likely to
    be considered abusive. Look under here:

    http://www.impsec.org/~jhardin/antispam/

    I'm not currently maintaining it, and the "evil registrar" list is stale
    and certainly not comprehensive.

    --
    John Hardin KA7OHZ http://www.impsec.org/~jhardin/
    jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
    key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
    -----------------------------------------------------------------------
    Taking my gun away because I *might* shoot someone is like cutting
    my tongue out because I *might* yell "Fire!" in a crowded theater.
    -- Peter Venetoklis
    -----------------------------------------------------------------------
    2 days until the 232nd anniversary of the Declaration of Independence


  3. Re: Detecting the Registrar of the sending host?



    John Hardin wrote:
    > On Wed, 2 Jul 2008, Marc Perkel wrote:
    >
    >> Is there an easy way to detect the registrar of a domain through DNS?
    >> For example - can I easilly figure out if an email I'm processing is
    >> hosted by GoDaddy or Tucows?

    >
    > Registrar != hosted by.
    >
    >> Here's what I'm thinking. I think there's some expensive and highly
    >> secure registrars out there who are the registrar of expensive
    >> domains and probably have no spam domains at all. This could be used
    >> to create white rules.
    >>
    >> Can this be done?

    >
    > This has been discussed before, at least from the POV of identifying
    > *bad* domains, and it sounds like a fairly good idea if someone is
    > willing and able to get a realtime ICANN feed of domain/registrar data
    > and create a URIBL from it.
    >
    > There's also the problem of determining which registrars are "spam
    > friendly". Here might be a good start:
    >
    > http://www.knujon.com/registrars/
    >
    > I wrote a plugin that does this check against whois, but that's likely
    > to be considered abusive. Look under here:
    >
    > http://www.impsec.org/~jhardin/antispam/
    >
    > I'm not currently maintaining it, and the "evil registrar" list is
    > stale and certainly not comprehensive.
    >


    Actually I'm not looking for spam friendly registrars. I'm looking for
    registrars that banks use that are really expensive and spammers never
    use. This is for white listing - not black listing.

    For example, I noticed that Wells Fargo Bank and bank of America both
    use a registrar called markmonitor.com. I'm guessing that this is a
    highly secure and expensive registrar than only banks and really big
    customers use. So if the FCrDNS of the sending host resolves to a domain
    that is registered with markmonitor.com then it's not spam. (Less of
    course ISPs and Freemail providers)


  4. Re: Detecting the Registrar of the sending host?

    On Wed, 2008-07-02 at 17:05, Marc Perkel wrote:
    > Is there an easy way to detect the registrar of a domain through DNS?
    > For example - can I easilly figure out if an email I'm processing is
    > hosted by GoDaddy or Tucows?
    >

    Even if it was possible I don't think its would be at all useful.
    Spammers don't generally register domains to sent spam from. They're not
    that stupid.

    Unfortunately some PC users ARE that stupid. If a PC can receive mail
    there's a sporting chance it may be infected no matter who the domain
    registrar might be.

    Martin


  5. Re: Detecting the Registrar of the sending host?



    Martin Gregorie wrote:
    > On Wed, 2008-07-02 at 17:05, Marc Perkel wrote:
    >
    >> Is there an easy way to detect the registrar of a domain through DNS?
    >> For example - can I easilly figure out if an email I'm processing is
    >> hosted by GoDaddy or Tucows?
    >>
    >>

    > Even if it was possible I don't think its would be at all useful.
    > Spammers don't generally register domains to sent spam from. They're not
    > that stupid.
    >
    > Unfortunately some PC users ARE that stupid. If a PC can receive mail
    > there's a sporting chance it may be infected no matter who the domain
    > registrar might be.
    >
    > Martin
    >
    >
    >


    Again - this is not something to find spammers. It's to find
    non-spammers. It's a white rule.


  6. Re: Detecting the Registrar of the sending host?

    On Wed, 2008-07-02 at 18:46, Marc Perkel wrote:
    >
    > Martin Gregorie wrote:
    > > On Wed, 2008-07-02 at 17:05, Marc Perkel wrote:
    > >
    > > > Is there an easy way to detect the registrar of a domain through DNS?
    > > > For example - can I easilly figure out if an email I'm processing is
    > > > hosted by GoDaddy or Tucows?
    > > >
    > > >

    > > Even if it was possible I don't think its would be at all useful.
    > > Spammers don't generally register domains to sent spam from. They're not
    > > that stupid.
    > >
    > > Unfortunately some PC users ARE that stupid. If a PC can receive mail
    > > there's a sporting chance it may be infected no matter who the domain
    > > registrar might be.
    > >
    > > Martin
    > >
    > >
    > >

    >
    > Again - this is not something to find spammers. It's to find
    > non-spammers. It's a white rule.
    >

    OK, but it still won't work. A lot of spam comes from botnets: hence my
    comment about PC users. There's certainly no correlation between the
    location of infected PCs and the reputation of the domain registrar of
    the domain the infected PC is posting from.

    Martin



  7. Re: Detecting the Registrar of the sending host?



    Martin Gregorie wrote:
    > On Wed, 2008-07-02 at 18:46, Marc Perkel wrote:
    >
    >> Martin Gregorie wrote:
    >>
    >>> On Wed, 2008-07-02 at 17:05, Marc Perkel wrote:
    >>>
    >>>
    >>>> Is there an easy way to detect the registrar of a domain through DNS?
    >>>> For example - can I easilly figure out if an email I'm processing is
    >>>> hosted by GoDaddy or Tucows?
    >>>>
    >>>>
    >>>>
    >>> Even if it was possible I don't think its would be at all useful.
    >>> Spammers don't generally register domains to sent spam from. They're not
    >>> that stupid.
    >>>
    >>> Unfortunately some PC users ARE that stupid. If a PC can receive mail
    >>> there's a sporting chance it may be infected no matter who the domain
    >>> registrar might be.
    >>>
    >>> Martin
    >>>
    >>>
    >>>
    >>>

    >> Again - this is not something to find spammers. It's to find
    >> non-spammers. It's a white rule.
    >>
    >>

    > OK, but it still won't work. A lot of spam comes from botnets: hence my
    > comment about PC users. There's certainly no correlation between the
    > location of infected PCs and the reputation of the domain registrar of
    > the domain the infected PC is posting from.
    >
    > Martin
    >
    >
    >


    Again - it's not to figure out where spam comes from. It's figuring out
    where non-spam comes from. I think there are registrars out there that
    don't have any spam domains registered.



  8. Re: Detecting the Registrar of the sending host?

    On Wed, 2 Jul 2008, Martin Gregorie wrote:

    > OK, but it still won't work. A lot of spam comes from botnets: hence my
    > comment about PC users. There's certainly no correlation between the
    > location of infected PCs and the reputation of the domain registrar of
    > the domain the infected PC is posting from.


    But it may tell you something useful about URIs within the message.

    --
    John Hardin KA7OHZ http://www.impsec.org/~jhardin/
    jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
    key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
    -----------------------------------------------------------------------
    USMC Rules of Gunfighting #20: The faster you finish the fight,
    the less shot you will get.
    -----------------------------------------------------------------------
    2 days until the 232nd anniversary of the Declaration of Independence


  9. Re: Detecting the Registrar of the sending host?

    On Wed, 2 Jul 2008, Marc Perkel wrote:

    > John Hardin wrote:
    >> On Wed, 2 Jul 2008, Marc Perkel wrote:
    >>
    >> > Is there an easy way to detect the registrar of a domain through DNS?
    >> > For example - can I easilly figure out if an email I'm processing is
    >> > hosted by GoDaddy or Tucows?

    >>
    >> Registrar != hosted by.
    >>
    >> > Here's what I'm thinking. I think there's some expensive and highly
    >> > secure registrars out there who are the registrar of expensive domains
    >> > and probably have no spam domains at all. This could be used to create
    >> > white rules.
    >> >
    >> > Can this be done?

    >>
    >> This has been discussed before, at least from the POV of identifying *bad*
    >> domains, and it sounds like a fairly good idea if someone is willing and
    >> able to get a realtime ICANN feed of domain/registrar data and create a
    >> URIBL from it.

    >
    > Actually I'm not looking for spam friendly registrars. I'm looking for
    > registrars that banks use that are really expensive and spammers never use.
    > This is for white listing - not black listing.


    The URIBL-based-on-registrar solution doesn't change, just (1) which
    registrars you choose to use to populate your URIBL, and (2) the score is
    negative rather than positive.

    The data can be useful in either direction - reputation works both ways.

    > For example, I noticed that Wells Fargo Bank and bank of America both
    > use a registrar called markmonitor.com. I'm guessing that this is a
    > highly secure and expensive registrar than only banks and really big
    > customers use. So if the FCrDNS of the sending host resolves to a domain
    > that is registered with markmonitor.com then it's not spam. (Less of
    > course ISPs and Freemail providers)


    Does SA support checking the FCrDNS domain of the sending host against a
    URIBL?

    --
    John Hardin KA7OHZ http://www.impsec.org/~jhardin/
    jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
    key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
    -----------------------------------------------------------------------
    Men by their constitutions are naturally divided in to two parties:
    1. Those who fear and distrust the people and wish to draw all
    powers from them into the hands of the higher classes. 2. Those who
    identify themselves with the people, have confidence in them,
    cherish and consider them as the most honest and safe, although not
    the most wise, depository of the public interests.
    -- Thomas Jefferson
    -----------------------------------------------------------------------
    2 days until the 232nd anniversary of the Declaration of Independence


  10. Re: Detecting the Registrar of the sending host?

    On Wed, 2 Jul 2008, Marc Perkel wrote:

    > Again - it's not to figure out where spam comes from. It's figuring out
    > where non-spam comes from. I think there are registrars out there that
    > don't have any spam domains registered.


    Right, but how do you guarantee a host with a whitelisted RDNS domain name
    doesn't get infected with a smapbot?

    --
    John Hardin KA7OHZ http://www.impsec.org/~jhardin/
    jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
    key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
    -----------------------------------------------------------------------
    Men by their constitutions are naturally divided in to two parties:
    1. Those who fear and distrust the people and wish to draw all
    powers from them into the hands of the higher classes. 2. Those who
    identify themselves with the people, have confidence in them,
    cherish and consider them as the most honest and safe, although not
    the most wise, depository of the public interests.
    -- Thomas Jefferson
    -----------------------------------------------------------------------
    2 days until the 232nd anniversary of the Declaration of Independence


  11. Message-ID:Reply-To:References:MIME-Version:Content-Type:In-Reply-To; b=bzsA28jNoRjH8GIfj95xXA1VE9+hIxz3OIgGRCd33bf1h922 FpW8saLPUSfo+KYiLAm+msWLbfGWOXoM49W2STSAFff7dmPxZN lfpPomvduEvj6zkoHao7GcPKYkuHk75l6LbZKtdYdP1OW7xept dgj9nakX6KBEF2OrueXQgjM=

    On Wed, Jul 02, 2008 at 12:08:43PM -0700, John Hardin wrote:
    > On Wed, 2 Jul 2008, Marc Perkel wrote:
    >
    >> Again - it's not to figure out where spam comes from. It's figuring out
    >> where non-spam comes from. I think there are registrars out there that
    >> don't have any spam domains registered.

    >
    > Right, but how do you guarantee a host with a whitelisted RDNS domain
    > name doesn't get infected with a smapbot?


    What's that got to do with anything? If there's a 0.5% chance, who cares.
    You should always scan for viruses, but it's trivial to skip SA for such
    cases. Are you saying that we shouldn't take advantage of DNSWL data either,
    since it's possible that some spam may come?


  12. Re: Detecting the Registrar of the sending host?


    On Thu, 2008-07-03 at 05:59 +0300, Henrik K wrote:
    > On Wed, Jul 02, 2008 at 12:08:43PM -0700, John Hardin wrote:
    > > On Wed, 2 Jul 2008, Marc Perkel wrote:
    > >
    > >> Again - it's not to figure out where spam comes from. It's figuring out
    > >> where non-spam comes from. I think there are registrars out there that
    > >> don't have any spam domains registered.

    > >
    > > Right, but how do you guarantee a host with a whitelisted RDNS domain
    > > name doesn't get infected with a smapbot?

    >
    > What's that got to do with anything? If there's a 0.5% chance, who cares.
    > You should always scan for viruses, but it's trivial to skip SA for such
    > cases. Are you saying that we shouldn't take advantage of DNSWL data either,
    > since it's possible that some spam may come?


    No, I was simply responding to Marc's apparent contention that a host
    with an RDNS domain name from a trustworthy registrar won't be a source
    of spam.

    --
    John Hardin KA7OHZ http://www.impsec.org/~jhardin/
    jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
    key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
    -----------------------------------------------------------------------
    Phobias should not be the basis for laws.
    -----------------------------------------------------------------------
    2 days until the 232nd anniversary of the Declaration of Independence


  13. Message-ID:Reply-To:References:MIME-Version:Content-Type:In-Reply-To; b=WFAitUNbDmpheWJqLBrWBxaLs5NfKTHk53MeQacMt+VKUhhH X1BKC9ex8vqzKEBSJgMAKYpqpSxuNN2Vk1D62IRuRYnr0/tJYZETqQunE9wiOe2RcOJDoV2MED4/gKhsfDwE3Skq2flhO1vhjD6WUPtaC3SazdrhRnMNdEpjfbU=

    On Wed, Jul 02, 2008 at 09:18:41PM -0700, John Hardin wrote:
    >
    > On Thu, 2008-07-03 at 05:59 +0300, Henrik K wrote:
    > > On Wed, Jul 02, 2008 at 12:08:43PM -0700, John Hardin wrote:
    > > > On Wed, 2 Jul 2008, Marc Perkel wrote:
    > > >
    > > >> Again - it's not to figure out where spam comes from. It's figuring out
    > > >> where non-spam comes from. I think there are registrars out there that
    > > >> don't have any spam domains registered.
    > > >
    > > > Right, but how do you guarantee a host with a whitelisted RDNS domain
    > > > name doesn't get infected with a smapbot?

    > >
    > > What's that got to do with anything? If there's a 0.5% chance, who cares.
    > > You should always scan for viruses, but it's trivial to skip SA for such
    > > cases. Are you saying that we shouldn't take advantage of DNSWL data either,
    > > since it's possible that some spam may come?

    >
    > No, I was simply responding to Marc's apparent contention that a host
    > with an RDNS domain name from a trustworthy registrar won't be a source
    > of spam.


    I doubt you have any statistics about this, so why speculate? No one has to
    _guarantee_ anything. If Marc is able to find some good correlation for
    (almost) spamless sources, it will help everyone.


  14. Re: Detecting the Registrar of the sending host?

    On Thu, 2008-07-03 at 06:32, Henrik K wrote:
    > On Wed, Jul 02, 2008 at 09:18:41PM -0700, John Hardin wrote:
    > >
    > > On Thu, 2008-07-03 at 05:59 +0300, Henrik K wrote:
    > > > On Wed, Jul 02, 2008 at 12:08:43PM -0700, John Hardin wrote:
    > > > > On Wed, 2 Jul 2008, Marc Perkel wrote:
    > > > >
    > > > >> Again - it's not to figure out where spam comes from. It's figuring out
    > > > >> where non-spam comes from. I think there are registrars out there that
    > > > >> don't have any spam domains registered.
    > > > >
    > > > > Right, but how do you guarantee a host with a whitelisted RDNS domain
    > > > > name doesn't get infected with a smapbot?
    > > >
    > > > What's that got to do with anything? If there's a 0.5% chance, who cares.
    > > > You should always scan for viruses, but it's trivial to skip SA for such
    > > > cases. Are you saying that we shouldn't take advantage of DNSWL data either,
    > > > since it's possible that some spam may come?

    > >
    > > No, I was simply responding to Marc's apparent contention that a host
    > > with an RDNS domain name from a trustworthy registrar won't be a source
    > > of spam.

    >
    > I doubt you have any statistics about this, so why speculate? No one has to
    > _guarantee_ anything. If Marc is able to find some good correlation for
    > (almost) spamless sources, it will help everyone.
    >

    I really don't see how it will help. Here's my reason for saying that.

    If there's even a small chance that somebody behind a corporate firewall
    got complacent and didn't keep the AV software up to date and/or got
    caught by an infected website, then we still have to scan mail from them
    regardless of who registered their domain. This makes checking the
    registrar an extra and needless task since, like white/black listing,
    its something we need to do for for every piece of mail we receive.

    I'd be happy to know I'm wrong about this, but so far none of the domain
    lookup advocates have produced hard evidence of its benefits. Also,
    nobody has explained how to automate the job apart from the possibly
    abusive use of whois lookups. A manually maintained list doesn't cut it
    for me: its far too easy for list maintenance to get out of date, which
    is why I won't use a personal white list until I can automate its
    maintenance.

    Martin


  15. Re: Detecting the Registrar of the sending host?


    On 2 Jul 2008, at 19:56, Marc Perkel wrote:
    >>

    >
    > Again - it's not to figure out where spam comes from. It's figuring
    > out where non-spam comes from. I think there are registrars out
    > there that don't have any spam domains registered.
    >



    What are you trying to prove?

    Your logic completely escapes me

    I also fail to see how the registrar is of much importance

    There are over 900 ICANN accredited registrars

    Of those about 200 odd are active

    Of the 200 a handful account for the bulk of all domains registered /
    managed

    Statistically this means you're going to see spam from domains
    registered with enom, godaddy, directi, tucows and a few others. It
    doesn't mean anything

    In fact it's totally meaningless


    Mr Michele Neylon
    Blacknight Solutions
    Hosting & Colocation, Brand Protection
    http://www.blacknight.com/
    http://blog.blacknight.com/
    Intl. +353 (0) 59 9183072
    Locall: 1850 929 929
    Direct Dial: +353 (0)59 9183090
    Fax. +353 (0) 1 4811 763
    -------------------------------
    Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business
    Park,Sleaty
    Road,Graiguecullen,Carlow,Ireland Company No.: 370845


  16. Message-ID:Reply-To:References:MIME-Version:Content-Type:In-Reply-To; b=ylLixE1Xpup0VMjCLd59hikKUusJSxDfR79DYnXaY6BSOALG RRl311WakZz2ovgYTuAoaTdSbBagjckwlQ5AjQpVnKi4fph5If 2L0qrOmwfOSXMQ5ocIvGLnfA9HY+xgb0YHrE+lFYnrfAtjdbPn R5y6vqSeZ0w7WgejF6JoOJk=

    On Thu, Jul 03, 2008 at 11:09:15AM +0100, Michele Neylon wrote:
    >
    > On 2 Jul 2008, at 19:56, Marc Perkel wrote:
    >>>

    >>
    >> Again - it's not to figure out where spam comes from. It's figuring
    >> out where non-spam comes from. I think there are registrars out there
    >> that don't have any spam domains registered.
    >>

    >
    >
    > What are you trying to prove?
    >
    > Your logic completely escapes me


    So does yours.

    > I also fail to see how the registrar is of much importance
    >
    > There are over 900 ICANN accredited registrars
    >
    > Of those about 200 odd are active
    >
    > Of the 200 a handful account for the bulk of all domains registered /
    > managed
    >
    > Statistically this means you're going to see spam from domains
    > registered with enom, godaddy, directi, tucows and a few others. It
    > doesn't mean anything
    >
    > In fact it's totally meaningless


    If lesser registrar means that it's probably ham, why couldn't someone use
    that to add some negative scores or use it as a part of whitelist
    trustworthiness? Even if it's handful of domains, it's useful. If you could
    get the registrar data without expensive lookups..


  17. Re: Detecting the Registrar of the sending host?


    On 3 Jul 2008, at 11:22, Henrik K wrote:
    >>
    >> Your logic completely escapes me

    >
    > So does yours.


    Diddums


    Mr Michele Neylon
    Blacknight Solutions
    Hosting & Colocation, Brand Protection
    http://www.blacknight.com/
    http://blog.blacknight.com/
    Intl. +353 (0) 59 9183072
    Locall: 1850 929 929
    Direct Dial: +353 (0)59 9183090
    Fax. +353 (0) 1 4811 763
    -------------------------------
    Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business
    Park,Sleaty
    Road,Graiguecullen,Carlow,Ireland Company No.: 370845


  18. Re: Detecting the Registrar of the sending host?

    On 03.07.08 13:22, Henrik K wrote:
    > If lesser registrar means that it's probably ham, why couldn't someone use
    > that to add some negative scores or use it as a part of whitelist
    > trustworthiness? Even if it's handful of domains, it's useful. If you could
    > get the registrar data without expensive lookups..


    what if spammers start register domains using those registrars?

    --
    Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
    Warning: I wish NOT to receive e-mail advertising to this address.
    Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
    The early bird may get the worm, but the second mouse gets the cheese.


  19. Re: Detecting the Registrar of the sending host?



    Michele Neylon wrote:
    >
    > On 2 Jul 2008, at 19:56, Marc Perkel wrote:
    >>>

    >>
    >> Again - it's not to figure out where spam comes from. It's figuring
    >> out where non-spam comes from. I think there are registrars out there
    >> that don't have any spam domains registered.
    >>

    >
    >
    > What are you trying to prove?
    >
    > Your logic completely escapes me
    >
    > I also fail to see how the registrar is of much importance
    >
    > There are over 900 ICANN accredited registrars
    >
    > Of those about 200 odd are active
    >
    > Of the 200 a handful account for the bulk of all domains registered /
    > managed
    >
    > Statistically this means you're going to see spam from domains
    > registered with enom, godaddy, directi, tucows and a few others. It
    > doesn't mean anything
    >
    > In fact it's totally meaningless
    >


    It's interesting how the concept of white rules seems to be beyond
    comprehension here. There is a registrar called markmonitor.com that
    looks like a very high end and expensive registrar that only services
    big companies like banks and such. So domains who are registered through
    Markmonitor would not be spammers and would likely be all ham. This
    isn't about spam detection - it's about ham detection.


  20. Re: Detecting the Registrar of the sending host?



    Matus UHLAR - fantomas wrote:
    > On 03.07.08 13:22, Henrik K wrote:
    >
    >> If lesser registrar means that it's probably ham, why couldn't someone use
    >> that to add some negative scores or use it as a part of whitelist
    >> trustworthiness? Even if it's handful of domains, it's useful. If you could
    >> get the registrar data without expensive lookups..
    >>

    >
    > what if spammers start register domains using those registrars?
    >

    The registrars I'm talking about are extremely expensive and very
    exclusive. Spammers couldn't afford it.



+ Reply to Thread
Page 1 of 2 1 2 LastLast