New Day old Bread list trick - SpamAssassin

This is a discussion on New Day old Bread list trick - SpamAssassin ; I just discovered the "Day old Bread" list of host names under 5 days old. I don't know where they get it but the list is very useful. As many of you know I also track hosts that don't use ...

+ Reply to Thread
Results 1 to 11 of 11

Thread: New Day old Bread list trick

  1. New Day old Bread list trick

    I just discovered the "Day old Bread" list of host names under 5 days
    old. I don't know where they get it but the list is very useful.

    As many of you know I also track hosts that don't use the QUIT command
    to close connections. So it occurred to me that if a domain is less than
    5 days old AND it isn't using quit that it's spam. I'm thinking about
    creating some kind of feed or public list of the host names I catch. Is
    anyone interested in this data and if so - what form would you like it in?


  2. Re: New Day old Bread list trick

    This is quite an interesting trick. Never actually thought about it. I did
    a quick Google and found this.
    http://mail-archives.apache.org/mod_...inetmsg.com%3E.
    If that is any help. DNSRBL format would be best for me.

    Curtis LaMasters
    http://www.curtis-lamasters.com
    http://www.builtnetworks.com


  3. Re: New Day old Bread list trick

    Great minds think alike.

    What I'm doing is a modification of this. I'm using the Day old Bread
    list but only adding IF they also skip the QUIT to close the connection
    AND I'm subtracting out my white list.

    Curtis LaMasters wrote:
    > This is quite an interesting trick. Never actually thought about it.
    > I did a quick Google and found this.
    > http://mail-archives.apache.org/mod_...inetmsg.com%3E.
    > If that is any help. DNSRBL format would be best for me.
    >
    > Curtis LaMasters
    > http://www.curtis-lamasters.com
    > http://www.builtnetworks.com
    >



  4. Re: New Day old Bread list trick

    On Monday 15 September 2008, Marc Perkel wrote:
    >I just discovered the "Day old Bread" list of host names under 5 days
    >old. I don't know where they get it but the list is very useful.
    >
    >As many of you know I also track hosts that don't use the QUIT command
    >to close connections. So it occurred to me that if a domain is less than
    >5 days old AND it isn't using quit that it's spam. I'm thinking about
    >creating some kind of feed or public list of the host names I catch. Is
    >anyone interested in this data and if so - what form would you like it in?


    I think that could be useful, and if in a format that could be put as a link
    near the top of a .procmailrc to save feeding it to SA, would be
    advantageous.

    --
    Cheers, Gene
    "There are four boxes to be used in defense of liberty:
    soap, ballot, jury, and ammo. Please use in that order."
    -Ed Howdershelt (Author)
    This is a NO-FRILLS flight -- hold th' CANADIAN BACON!!


  5. Re: New Day old Bread list trick

    Marc Perkel wrote:
    > I just discovered the "Day old Bread" list of host names under 5 days
    > old. I don't know where they get it but the list is very useful.


    I remember playing with this list a few years ago but now they seem to
    lag a few days behind. For example, as of right now, 'superbleached dot
    com' is not showing up in the list despite being registered on
    09-14-2008. Because of this lag I created my own version of the list
    where I directly process the .ORG, .NET, .COM, .INFO, .US, .COOP and
    ..BIZ TLD zones every day shortly after they are posted. I list all
    domains in those TLDs that are within the standard domain tasting period
    (currently 5 days). Would it be of value if I made this list available
    in RBLDNS format? I have limited resources but would be willing to make
    an effort if there is any interest.

    --Blaine


  6. Re: New Day old Bread list trick



    Blaine Fleming wrote:
    > Marc Perkel wrote:
    >> I just discovered the "Day old Bread" list of host names under 5 days
    >> old. I don't know where they get it but the list is very useful.

    >
    > I remember playing with this list a few years ago but now they seem to
    > lag a few days behind. For example, as of right now, 'superbleached
    > dot com' is not showing up in the list despite being registered on
    > 09-14-2008. Because of this lag I created my own version of the list
    > where I directly process the .ORG, .NET, .COM, .INFO, .US, .COOP and
    > .BIZ TLD zones every day shortly after they are posted. I list all
    > domains in those TLDs that are within the standard domain tasting
    > period (currently 5 days). Would it be of value if I made this list
    > available in RBLDNS format? I have limited resources but would be
    > willing to make an effort if there is any interest.
    >
    > --Blaine
    >


    How do you get the list? I have the resources. I'd like to make it
    available. If you can tell me how to get the list myself I'll do it.
    Tell me what works best for you. I think the list would be very valuable
    as a factor to test for spam.


  7. Re: New Day old Bread list trick

    Marc Perkel wrote:
    >
    >
    > Blaine Fleming wrote:
    >> Marc Perkel wrote:
    >>> I just discovered the "Day old Bread" list of host names under 5
    >>> days old. I don't know where they get it but the list is very useful.

    >>
    >> I remember playing with this list a few years ago but now they seem
    >> to lag a few days behind. For example, as of right now,
    >> 'superbleached dot com' is not showing up in the list despite being
    >> registered on 09-14-2008. Because of this lag I created my own
    >> version of the list where I directly process the .ORG, .NET, .COM,
    >> .INFO, .US, .COOP and .BIZ TLD zones every day shortly after they are
    >> posted. I list all domains in those TLDs that are within the
    >> standard domain tasting period (currently 5 days). Would it be of
    >> value if I made this list available in RBLDNS format? I have limited
    >> resources but would be willing to make an effort if there is any
    >> interest.
    >>
    >> --Blaine
    >>

    >
    > How do you get the list? I have the resources. I'd like to make it
    > available. If you can tell me how to get the list myself I'll do it.
    > Tell me what works best for you. I think the list would be very
    > valuable as a factor to test for spam.


    I get the list by generating the data myself directly from the TLD zone
    files. It takes me about three hours to download and process the ~8.5GB
    of uncompressed data (~246 million lines) on a single server. I've made
    it available to anyone interested so contact me offlist with the IP or
    netblock if you would like access.

    --Blaine


  8. Re: New Day old Bread list trick



    Blaine Fleming wrote:
    > Marc Perkel wrote:
    >>
    >>
    >> Blaine Fleming wrote:
    >>> Marc Perkel wrote:
    >>>> I just discovered the "Day old Bread" list of host names under 5
    >>>> days old. I don't know where they get it but the list is very useful.
    >>>
    >>> I remember playing with this list a few years ago but now they seem
    >>> to lag a few days behind. For example, as of right now,
    >>> 'superbleached dot com' is not showing up in the list despite being
    >>> registered on 09-14-2008. Because of this lag I created my own
    >>> version of the list where I directly process the .ORG, .NET, .COM,
    >>> .INFO, .US, .COOP and .BIZ TLD zones every day shortly after they
    >>> are posted. I list all domains in those TLDs that are within the
    >>> standard domain tasting period (currently 5 days). Would it be of
    >>> value if I made this list available in RBLDNS format? I have
    >>> limited resources but would be willing to make an effort if there is
    >>> any interest.
    >>>
    >>> --Blaine
    >>>

    >>
    >> How do you get the list? I have the resources. I'd like to make it
    >> available. If you can tell me how to get the list myself I'll do it.
    >> Tell me what works best for you. I think the list would be very
    >> valuable as a factor to test for spam.

    >
    > I get the list by generating the data myself directly from the TLD
    > zone files. It takes me about three hours to download and process the
    > ~8.5GB of uncompressed data (~246 million lines) on a single server.
    > I've made it available to anyone interested so contact me offlist with
    > the IP or netblock if you would like access.
    >
    > --Blaine
    >


    Where do you download those zone files from? I've got some serious
    bandwidth and computing power.


  9. Re: New Day old Bread list trick

    Marc Perkel wrote:
    >
    >
    > Blaine Fleming wrote:
    >> Marc Perkel wrote:
    >>>
    >>>
    >>> Blaine Fleming wrote:
    >>>> Marc Perkel wrote:
    >>>>> I just discovered the "Day old Bread" list of host names under 5
    >>>>> days old. I don't know where they get it but the list is very useful.
    >>>>
    >>>> I remember playing with this list a few years ago but now they seem
    >>>> to lag a few days behind. For example, as of right now,
    >>>> 'superbleached dot com' is not showing up in the list despite being
    >>>> registered on 09-14-2008. Because of this lag I created my own
    >>>> version of the list where I directly process the .ORG, .NET, .COM,
    >>>> .INFO, .US, .COOP and .BIZ TLD zones every day shortly after they
    >>>> are posted. I list all domains in those TLDs that are within the
    >>>> standard domain tasting period (currently 5 days). Would it be of
    >>>> value if I made this list available in RBLDNS format? I have
    >>>> limited resources but would be willing to make an effort if there
    >>>> is any interest.
    >>>>
    >>>> --Blaine
    >>>>
    >>>
    >>> How do you get the list? I have the resources. I'd like to make it
    >>> available. If you can tell me how to get the list myself I'll do it.
    >>> Tell me what works best for you. I think the list would be very
    >>> valuable as a factor to test for spam.

    >>
    >> I get the list by generating the data myself directly from the TLD
    >> zone files. It takes me about three hours to download and process
    >> the ~8.5GB of uncompressed data (~246 million lines) on a single
    >> server. I've made it available to anyone interested so contact me
    >> offlist with the IP or netblock if you would like access.
    >>
    >> --Blaine
    >>

    >
    > Where do you download those zone files from? I've got some serious
    > bandwidth and computing power.
    >
    >

    You have to execute a zone file access agreement with each of the TLDs
    you want to obtain the data from. There are several that are
    unresponsive and even more that just outright deny your access.

    --Blaine


  10. Re: New Day old Bread list trick

    * Blaine Fleming :
    > Marc Perkel wrote:
    >> I just discovered the "Day old Bread" list of host names under 5 days
    >> old. I don't know where they get it but the list is very useful.

    >
    > I remember playing with this list a few years ago but now they seem to
    > lag a few days behind. For example, as of right now, 'superbleached dot
    > com' is not showing up in the list despite being registered on
    > 09-14-2008. Because of this lag I created my own version of the list
    > where I directly process the .ORG, .NET, .COM, .INFO, .US, .COOP and .BIZ
    > TLD zones every day shortly after they are posted. I list all domains in
    > those TLDs that are within the standard domain tasting period (currently 5
    > days). Would it be of value if I made this list available in RBLDNS
    > format? I have limited resources but would be willing to make an effort
    > if there is any interest.


    It would definitely be interesting!

    --
    Ralf Hildebrandt (i.A. des IT-Zentrums) Ralf.Hildebrandt@charite.de
    Charite - Universitätsmedizin Berlin Tel. +49 (0)30-450 570-155
    Gemeinsame Einrichtung von FU- und HU-Berlin Fax. +49 (0)30-450 570-962
    IT-Zentrum Standort CBF I'm looking for a job!


  11. Re: New Day old Bread list trick


    On Mon, 2008-09-15 at 07:11 -0700, Marc Perkel wrote:
    > I just discovered the "Day old Bread" list of host names under 5 days
    > old. I don't know where they get it but the list is very useful.
    >
    > As many of you know I also track hosts that don't use the QUIT command
    > to close connections. So it occurred to me that if a domain is less than
    > 5 days old AND it isn't using quit that it's spam. I'm thinking about
    > creating some kind of feed or public list of the host names I catch. Is
    > anyone interested in this data and if so - what form would you like it in?
    >



    But Marc,
    I have found that the DOB dns lookups keep timing out often ( 5s on my
    servers ) and in general they cannot be used on high traffic servers.
    The results may/maynot be good but spending 5s on DNS lookups are
    unaffordable
    The DNS zone "dob.sibl.support-intelligence.net" seems poorly
    maintained.
    There is not even a website for support-intelligence.net.


    Thanks
    Ram


+ Reply to Thread