Re: [exim] WHOIS data lookup

Author: Andy Smith
Date:  
To: exim-users
Subject: Re: [exim] WHOIS data lookup
On Sat, May 13, 2006 at 12:30:26PM -0700, Marc Perkel wrote:
> Is there any kind of a fast database somewhere (doesn't have to be live)
> where whois data can be looked up fast? I want to be able to pipe a
> bunch of domains (spammers) into something and return the owners. I'm
> figuring out that this might be a very powerful way to ID spam.


WHOIS data doesn't often identify the actual owners of domains,
particularly domains used for/in spam. Seeing which domains share
the same nameservers can sometimes be instructive, although even
then some spammers change their nameservers regularly to avoid
detection.

What you may find useful is translating the IP address to the AS
number which can be done via DNS:

http://www.cymru.com/BGP/asnlookup.html#dns

$ dig +short -t txt 5.231.50.69.origin.asn.cymru.com
"26904 | 69.50.224.0/20 | US | arin | 2003-06-05"
$ dig +short -t txt AS26904.asn.cymru.com
"26904 | US | arin | 2002-12-16 | NECTARTECH - NECTARTECH SERVICES"

Cheers,
Andy
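
The IP-to-ASN lookup described above, applied to a batch of addresses, as an added example that is not part of the original message. The `lookup` callable and the sample table are assumptions made here so the code runs offline; in live use `lookup` would return the TXT answer that the `dig` commands above print.

```python
import ipaddress
from collections import defaultdict

ZONE = "origin.asn.cymru.com"  # zone queried in the message above


def origin_qname(ip):
    """Build the TXT query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + ZONE


def parse_origin_txt(txt):
    """Parse '"ASN | prefix | CC | registry | date"' into a dict."""
    fields = [f.strip() for f in txt.strip().strip('"').split("|")]
    if len(fields) != 5:
        raise ValueError("unexpected origin answer: %r" % txt)
    asns, prefix, cc, registry, allocated = fields
    return {"asns": asns.split(),  # split() tolerates several ASNs in one field
            "prefix": ipaddress.ip_network(prefix),
            "cc": cc, "registry": registry, "allocated": allocated}


def group_by_asn(ips, lookup):
    """Group IPs by origin AS; lookup(qname) returns a TXT string or None."""
    groups = defaultdict(list)
    for ip in ips:
        txt = lookup(origin_qname(ip))
        if txt is None:  # no answer: keep the IP visible instead of dropping it
            groups["unknown"].append(ip)
            continue
        rec = parse_origin_txt(txt)
        # Sanity check: the announced prefix must cover the address we asked about.
        if ipaddress.ip_address(ip) not in rec["prefix"]:
            raise ValueError("%s is outside %s" % (ip, rec["prefix"]))
        for asn in rec["asns"]:
            groups[asn].append(ip)
    return dict(groups)


# Constructed sample table. The first answer is the one shown in the message;
# the second reuses it for another address inside the same /20.
ANSWER = '"26904 | 69.50.224.0/20 | US | arin | 2003-06-05"'
SAMPLE_ANSWERS = {
    "5.231.50.69.origin.asn.cymru.com": ANSWER,
    "9.225.50.69.origin.asn.cymru.com": ANSWER,
}

if __name__ == "__main__":
    ips = ["69.50.231.5", "69.50.225.9", "192.0.2.1"]
    for asn, members in group_by_asn(ips, SAMPLE_ANSWERS.get).items():
        print(asn, members)
```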