23 May
2018
23 May
'18
10:35 a.m.
Dan Hollis wrote:
How about the ones with broken contact data - deliberately or not? A whois blacklist sounds good to me. DNS WBL?
Many sites are already doing this locally. It's just a matter of time before Spamhaus or an up-and-coming entity has an RBL for it. The data is perhaps not precise enough for a blacklist but obfuscated whois records are certainly useful in calculating the reputation of ingress/egress SMTP, HTTP and other services. This is not a new idea and similar to the (unmaintained?) whois.abuse.net contact lookup service, razor/pyzor, and other useful SIEM and Spamassassin inputs. Roger Marquis