You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by SM <sm...@resistor.net> on 2011/08/28 01:38:27 UTC
Re: blacklist based on authoritative nameservers of sender
domain
At 16:52 22-08-2011, Adam Katz wrote:
>You can't do whois en-masse (I'd love that, but ...), so this means an
>NS host lookup. To determine if they are authoritative, that's another
>lookup (which I don't believe is necessary). A blocklist would also be
>another lookup (if using a BL, it could check the authoritativeness),
>but I don't think that's completely necessary either.
You don't need to use Whois. You already have the data:
; ANSWER SECTION:
apache.org. 1800 IN A 140.211.11.131
;; AUTHORITY SECTION:
apache.org. 86398 IN NS ns2.no-ip.com.
apache.org. 86398 IN NS ns1.eu.bitnames.com.
apache.org. 86398 IN NS ns2.surfnet.nl.
apache.org. 86398 IN NS ns1.us.bitnames.com.
It's been a while since I tested this. If I recall correctly, it was
prone to false positives. You might be able to do some scoring
instead of blacklisting.
Regards,
-sm