Re: [PLUG] spamassassin help: create a rule to score by sender TLD

ac on 19 Oct 2016 04:30:53 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] spamassassin help: create a rule to score by sender TLD

From: ac <ac@main.me>
To: Rich Kulawiec <rsk@gsp.org>
Subject: Re: [PLUG] spamassassin help: create a rule to score by sender TLD
Date: Wed, 19 Oct 2016 13:30:37 +0200
Cc: plug@lists.phillylinux.org
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=main.me; s=default; h=Content-Transfer-Encoding:Content-Type:MIME-Version:References: Subject:Cc:To:From:Date:Sender:Reply-To:Message-ID:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=R8+uXWKxOyoWYt0ZFUTpA9AAyOG1VQJ7gwQDu3i3Elc=; b=P/XXZjgGtLZAeUZbkJaC6r9HSG gYUiZl0Ahz7Ph0tYn65be3WHqlGyq3yh3G3tgKxVWsOHoyQpAFsUd6bJFlfVsgsQN0AT47+Nh/4yA 1Q6XgTRIDUxzmgS97RHMWvZtOJ+iLvERksUvhY1eQABb6x3EG8IRAZudE0qWFNxwW05h1DRsT+U9Q qgWBBOoQYMWiIAfxlnr3vBW0iWZvL6pEnkPV9O8NGlubmXcwJIvrjiWMRfTH8pvYcGE4ju7cCNnTa ex7MpN7Cwpad0xl6CVxcEoOsTDNeDquool4es/CWdMn5pP/8pSkDIzO+gU+NXWUxdBvy8EvfDS0VD keFNb60g==;
Organization: acmain
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>

funny. but it proves my point exactly.

no I am sending from a well known and maintained ipv4 space, from a
reputable .com mail server... that is blacklisted exactly nowhere -
anytime in the past ten+ years

and you are not receiving my email...

imagine you relied on your email as a business tool (to buy food)

you would be screwed.


  rsk@gsp.org
    host taos.firemountain.net [207.114.3.54]
    SMTP error from remote mail server after RCPT TO:<rsk@gsp.org>:
    550 5.7.1 <rsk@gsp.org>... Mail refused - ruleset-tld/me:
    forward this message to sep2016@firemountain.net if in error



On Wed, 19 Oct 2016 13:25:58 +0200
ac <ac@main.me> wrote:

> On Wed, 19 Oct 2016 05:30:24 -0400
> Rich Kulawiec <rsk@gsp.org> wrote:
> 
> > I think it's fair to say that I have some expertise in this area,
> > so:
> > 
> you have 'some' experience in being aggressively vocally anti spam,
> there is a big difference in having an opinion and actually having to
> deal with end users/clients. 
> 
> > On Tue, Oct 18, 2016 at 12:55:28PM -0400, Greg Helledy wrote:
> > > I know how to blacklist a domain, but I don't want to be that
> > > blunt [...]
> > 
> > But you should be.  It's rapidly becoming a best practice.
> > 
> no, imnsho it is not.
> 
> punishing the ipv4 senders and white-list ipv6 is already best
> practice.
> 
> it works very well.
> 
> > There are quite a few new TLDs that have been quickly overrun by
> > spammers. I highly recommend blacklisting them outright and -- maybe
> > -- making exceptions on a case-by-case basis.  (I say "maybe"
> > because I have very little sympathy for people who make extremely
> > poor decisions and then expect the rest of us to compensate for
> > their lack of due diligence.  Anybody registering a domain in
> > something like .stream or .download is either a spammer or
> > clueless. Do you really want email from spammers or idiots?)
> > 
> > Spamhaus is now tracking these:
> > 
> > 	The World's Most Abused TLDs
> > 	https://www.spamhaus.org/statistics/tlds/
> > 
> > But do keep in mind that Spamhaus is very conservative, so what you
> > see on that page is probably a serious underestimate.  (Note that
> > the first entry is .science, and per their stats it's nearly 90%
> > bad. Already. It will never get better.  It will always get worse.
> > We've seen this movie before and it always ends the same way.)
> > 
> > I blacklisted several hundred TLDs the moment they went live.  In
> > all the time since, I've had one reported false positive.  (And
> > yes, I have a working, tested, reliable mechanism for FP
> > reporting.)  I recommend the same course of action for everybody
> > else *unless* you have a business or personal need for email from
> > one of them.
> > 
> > More broadly: the age of default permit in email is over.  You
> > should think in terms of what you *need*, not what anybody else
> > wants.  If you don't need email from Korea or Portugal or
> > Argentina, you should be blocking the entire TLD and the IP address
> > allocations (see ipdeny.com) of those countries outright...not
> > trying to filter traffic from them. The same goes for TLDs,
> > domains, and everything else.
> > 
> > ---rsk
> > ___________________________________________________________________________
> > Philadelphia Linux Users Group         --
> > http://www.phillylinux.org Announcements -
> > http://lists.phillylinux.org/mailman/listinfo/plug-announce General
> > Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
> 
> ___________________________________________________________________________
> Philadelphia Linux Users Group         --
> http://www.phillylinux.org Announcements -
> http://lists.phillylinux.org/mailman/listinfo/plug-announce General
> Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

References:
- [PLUG] spamassassin help: create a rule to score by sender TLD
  - From: Greg Helledy <gregsonh@gra-inc.com>
- Re: [PLUG] spamassassin help: create a rule to score by sender TLD
  - From: Rich Kulawiec <rsk@gsp.org>

Prev by Date: Re: [PLUG] spamassassin help: create a rule to score by sender TLD
Next by Date: Re: [PLUG] spamassassin help: create a rule to score by sender TLD
Previous by thread: Re: [PLUG] spamassassin help: create a rule to score by sender TLD
Next by thread: Re: [PLUG] spamassassin help: create a rule to score by sender TLD
Index(es):
- Date
- Thread