We need something similar to the RBL lookups used for IP addresses. Something that would tell you how long a domain has been registered, even if it's just <30, <60, <90, <180, <365 or older, so that when my scanner looks through an email, it can quickly and easily do a lookup and score shiny new domains accordingly. Doing a whois on all domains and parsing for the creation date is not trivial and probably violates the terms of service of the whois providers, given the volume of lookups.
Boffins predict web scams with domain registration data
A group of American boffins is loosing artificial intelligence on web scams, demonstrating that analysis of domains at the time of registration can provide an early warning of those that will later be home to spammers and scammers. The idea is to tag the kinds of behaviour at registration time that hint someone is preparing …
COMMENTS
Monday 31st October 2016 08:26 GMT richardcox13
Stats Error!
> […]and they claim a false positive rate of just 0.35 per cent.
> (Since they write that 80,000 domains are registered each day, that's still around 250 sites a day unfairly tagged as evil, so PREDATOR still needs some refinement on that score).
The false positive rate is the proportion of sites tagged as fraudulent that shouldn't be. Not the proportion of all registrations. So it will be fewer than 250 falsely tagged sites. The paper does not seem (on a quick scan through) to suggest what proportion of registrations are fraudulent, but that 0.35% should be applied to that number, not the total number of registrations.