Is anyone successfully blocking domains that have been registered recently (last 30 days)? My testing has shown in the last three days, 380k domains have been registered. My PA-3020 capacity for External Dynamic Lists only supports a total capacity of 50k domains. Does anyone know of a better method to achieve this?
We dont block based on the age of a domain, we only block on categories. Quite a bit of the time, but not always, the newer ones are lumped into the 'Unknow' category and we block that one.
I would say that not all newly registered domains are 'bad' and can have an impact on the user base.
Hope that helps.
Most of the new domains will fall under the 'unknown' category as @OtakarKlier mentions, until our crawlers pay a visit, or we get submissions/field reports/samples of what the domain is hosting and then it get categorized as one of the regular categories
so blocking 'unknown' will likely do the job satisfactory
We do block the unknown category. A known malicious domain which was registered 8 days prior to the phishing emails being sent through was categorised as computer-and-internet-info.
I understand the frustration there. Does your company use a mail filtering tool or service? This is where it should have gotten caught I think since it was delivered via an email?
Just a few thoughts.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!