<<<
Chronological Index
>>> <<<
Thread Index
>>>
[gnso-ff-pdp-may08] Scope of this project
- To: "gnso-ff-pdp-May08@xxxxxxxxx" <gnso-ff-pdp-May08@xxxxxxxxx>
- Subject: [gnso-ff-pdp-may08] Scope of this project
- From: Marc Perkel <marc@xxxxxxxxxx>
- Date: Thu, 03 Jul 2008 09:18:27 -0700
I know this is called the Fast Flux group but is the discussion limited
to just that or can we talk about broader concepts of preventing
phishing, fraud, and criminal activity in general?
Also - one of the things that I'm interested in exploring is registrars
providing DNS lookup of additional non-private information about a
domain so that people in the spam filtering business, like myself, have
more information in order to determine if an email is likely to be fraud.
For example - if I could read through a DNS lookup what the age of the
domain was in days and the number of name servers changes made recently
I could block fast flux messages. Suppose for example there was a domain
whois.info. We do a lookup as follows:
dig example.com.age.whois.info TXT
This would return the age of the domain (or owned by current owner).
dig example.com.nschanges.whois.info
This could returnL
127.0.0.1 if 0 to 1 NS change in the last 3 days.
127.0.0.2 if 2-3 changes in the last 3 days
127.0.0.3 if more than 3 changes in last 3 days.
I would also like this:
dig example.com.registrar.whois.info TXT
This would return the registrar name.
Another request - finding out who to report problems to.
dig example.com.domain-abuse.whois.info TXT
This would return the email address to report problems to.
or for IP address 1.2.3.4 ...
dig 4.3.2.1.ip-abuse.whois.info TXT
This would return the email address to report problems with an IP address.
Right now I have a list of 1,615,203 IP addresses of virus infected
spambots that have tried to spam one of my servers in the last 5 days.
If I had a place to report the problem using automation I could take out
1.6 million spambots. But I don't have a way to do that. This kind of
information would allow this to happen.
Information like this would be very valuable to someone like me in
fighting spam, fraud, and fast flux. And - I believe with the right
policies and procedures I could put myself out of business by completely
eliminating the virus problem.
So - thoughts? Can we do this? Can we create a whois.info domain to
publish non-private info on domains to help stop fraud and phishing?
Marc Perkel
Junk Email Filter
http://www.junkemailfilter.com
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|