Block recently registered domains

Reply
L2 Linker

Block recently registered domains

Is anyone successfully blocking domains that have been registered recently (last 30 days)? My testing has shown in the last three days, 380k domains have been registered. My PA-3020 capacity for External Dynamic Lists only supports a total capacity of 50k domains. Does anyone know of a better method to achieve this?

L7 Applicator

Re: Block recently registered domains

Hello @ascit,

We dont block based on the age of a domain, we only block on categories. Quite a bit of the time, but not always, the newer ones are lumped into the 'Unknow' category and we block that one.

 

I would say that not all newly registered domains are 'bad' and can have an impact on the user base.

 

Hope that helps.

Community Manager

Re: Block recently registered domains

Most of the new domains will fall under the 'unknown' category as @Otakar.Klier mentions, until our crawlers pay a visit, or we get submissions/field reports/samples of what the domain is hosting and then it get categorized as one of the regular categories

 

so blocking 'unknown' will likely do the job satisfactory


Help the community: Like helpful comments and mark solutions
Reaper out
L2 Linker

Re: Block recently registered domains

We do block the unknown category. A known malicious domain which was registered 8 days prior to the phishing emails being sent through was categorised as computer-and-internet-info.

L7 Applicator

Re: Block recently registered domains

Hello,

I understand the frustration there. Does your company use a mail filtering tool or service? This is where it should have gotten caught I think since it was delivered via an email? 

 

Just a few thoughts.

 

Highlighted
L2 Linker

Re: Block recently registered domains

Thanks for your input. Blocking this traffic at the firewall would be far more effective.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!