You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by SM <sm...@resistor.net> on 2011/08/28 01:38:27 UTC

Re: blacklist based on authoritative nameservers of sender domain

At 16:52 22-08-2011, Adam Katz wrote:
>You can't do whois en-masse (I'd love that, but ...), so this means an
>NS host lookup.  To determine if they are authoritative, that's another
>lookup (which I don't believe is necessary).  A blocklist would also be
>another lookup (if using a BL, it could check the authoritativeness),
>but I don't think that's completely necessary either.

You don't need to use Whois.  You already have the data:

; ANSWER SECTION:
apache.org.         1800    IN      A       140.211.11.131

;; AUTHORITY SECTION:
apache.org.             86398   IN      NS      ns2.no-ip.com.
apache.org.             86398   IN      NS      ns1.eu.bitnames.com.
apache.org.             86398   IN      NS      ns2.surfnet.nl.
apache.org.             86398   IN      NS      ns1.us.bitnames.com.

It's been a while since I tested this.  If I recall correctly, it was 
prone to false positives.  You might be able to do some scoring 
instead of blacklisting.

Regards,
-sm