Rich Kulawiec on 19 Oct 2016 02:30:30 -0700
Re: [PLUG] spamassassin help: create a rule to score by sender TLD

I think it's fair to say that I have some expertise in this area, so:

On Tue, Oct 18, 2016 at 12:55:28PM -0400, Greg Helledy wrote:
> I know how to blacklist a domain, but I don't want to be that blunt [...]

But you should be. It's rapidly becoming a best practice. There are quite a few new TLDs that have been quickly overrun by spammers. I highly recommend blacklisting them outright and -- maybe -- making exceptions on a case-by-case basis. (I say "maybe" because I have very little sympathy for people who make extremely poor decisions and then expect the rest of us to compensate for their lack of due diligence. Anybody registering a domain in something like .stream or .download is either a spammer or clueless. Do you really want email from spammers or idiots?)

Spamhaus is now tracking these:

The World's Most Abused TLDs
https://www.spamhaus.org/statistics/tlds/

But do keep in mind that Spamhaus is very conservative, so what you see on that page is probably a serious underestimate. (Note that the first entry is .science, and per their stats it's nearly 90% bad. Already. It will never get better. It will always get worse. We've seen this movie before and it always ends the same way.)

I blacklisted several hundred TLDs the moment they went live. In all the time since, I've had one reported false positive. (And yes, I have a working, tested, reliable mechanism for FP reporting.) I recommend the same course of action for everybody else *unless* you have a business or personal need for email from one of them.

More broadly: the age of default permit in email is over. You should think in terms of what you *need*, not what anybody else wants. If you don't need email from Korea or Portugal or Argentina, you should be blocking the entire TLD and the IP address allocations (see ipdeny.com) of those countries outright...not trying to filter traffic from them. The same goes for TLDs, domains, and everything else.

---rsk
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
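
The block-outright-with-exceptions policy described in the message above, sketched as an added example; it is not part of the original post and is not SpamAssassin configuration. The three TLDs are the ones the message names; the exception domain, the function names and the reject-on-unparseable-sender choice are assumptions made for illustration.

```python
from email.utils import getaddresses

# Constructed sample policy. The TLDs are the ones named in the message;
# the exception entry is a hypothetical placeholder domain.
BLOCKED_TLDS = {"science", "stream", "download"}
EXCEPTIONS = {"lab.example.science"}  # case-by-case exceptions


def sender_domains(from_header):
    """Return the lowercased domain of every address in a From: header value."""
    domains = []
    for _name, addr in getaddresses([from_header]):
        local, at, domain = addr.rpartition("@")
        if at and local and domain:
            domains.append(domain.rstrip(".").lower())
    return domains


def is_excepted(domain):
    """True if the domain or one of its parent domains is listed in EXCEPTIONS."""
    labels = domain.split(".")
    return any(".".join(labels[i:]) in EXCEPTIONS for i in range(len(labels)))


def verdict(from_header):
    """Return 'reject' or 'accept' for a From: header value."""
    domains = sender_domains(from_header)
    if not domains:
        # Assumption of this example: no parseable sender address is rejected.
        return "reject"
    for domain in domains:
        tld = domain.rsplit(".", 1)[-1]
        if tld in BLOCKED_TLDS and not is_excepted(domain):
            return "reject"
    return "accept"


if __name__ == "__main__":
    # Constructed sample headers, not taken from real mail.
    for header in ('"Deals" <promo@win.stream>',
                   '"billing@example.com" <x@cheap.download>',
                   "Greg <greg@example.com>",
                   "a@lab.example.science"):
        print(verdict(header), header)
```

The decision is made on the parsed address, not the display name, so a quoted name that looks like an address in another domain does not change the result.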