whois
Fraser Campbell
fraser-eicrhRFjby5dCsDujFhwbypxlwaOVQ5f at public.gmane.org
Thu Jan 26 14:03:55 UTC 2006
Ian Zimmerman wrote:
> Lennart> I also VERY much hope it stays this way. Many problems have
> Lennart> been caused by people trying to automatically harvest contact
> Lennart> info from whois to spam people. The harder that is to
> Lennart> automate, the better.
>
> Unfortunately, that's exactly what I am supposed to do, for a
> legitimate purpose (part of which is _fighting spam_, in fact).

I did something similar a few years ago. A perl filter in my .procmailrc:

* check if it's a virus with clamav
* if virus read all of the received headers
* step through received headers in reverse order finding first
  legitimate looking mail relay (i.e. routable IP)
* do PTR lookups on mail relays until one with valid DNS shows up
* verify that an MX record exists for found domain
* chop off leading parts of domain until left with domain that has a
  valid MX record
* email abuse at domain informing them that someone on their network is
  sending viruses and giving them a copy of all the original email
  headers

I would love to have relied on whois but I saw 2 problems with it. The
one you're talking about (lack of consistency in data) and also the fact
that a lot of ISPs do show who specific subnets are delegated to ...
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml