Re: [PLUG] spamassassin help: create a rule to score by sender TLD

ac on 19 Oct 2016 07:41:09 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] spamassassin help: create a rule to score by sender TLD

From: ac <ac@main.me>
To: Greg Helledy <gregsonh@gra-inc.com>
Subject: Re: [PLUG] spamassassin help: create a rule to score by sender TLD
Date: Wed, 19 Oct 2016 16:41:00 +0200
Cc: plug@lists.phillylinux.org
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=main.me; s=default; h=Content-Transfer-Encoding:Content-Type:MIME-Version:References: In-Reply-To:Subject:Cc:To:From:Date:Sender:Reply-To:Message-ID:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=ZGu+B9Q5qOf/jQWP2hc4EAmtGNp3ynit7hQE9ho/y7g=; b=hX5cBJ+s7in2ogvZuBbcpP6am5 pPi2vdPoOCSE2migPuYYs4cJdqMXLxPNel1BI4F1mN62UDrr4Ef8TpXgUa62d6/CrCx6XZtZup6yB DlMG6wOGeo8c9DdBJu0W6bfBuRwXmaAoz13NdQonSG07pwbVcnQMC0VUOHUxFd4/5/GqFaUS67xDH f4f7E6A0057iM6xg9txvkV0pKk/EHQArAGAHa6nNwNlpiOhJhPy5G1PllyS6ySRAYcIdDJ2/CMSqS yjBorIoZDXxsvLvcO5awpVBTT2vcxLE8iqV1gCaA/TH1h/JEHtSwX0opyNHeQbMHkv+6nhLlwQuIe d5EkaQwA==;
Organization: acmain
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>

On Wed, 19 Oct 2016 10:29:24 -0400
Greg Helledy <gregsonh@gra-inc.com> wrote:
> My thought was that coming from these TLDs was an indicator of spam,
> but not a guarantee of spam.  There may well be legitimate traffic
> coming from them, now or in the future.
> 
your thoughts, by your own stats, were wrong... - so, read your own
numbers and do not do that!

> So, I don't want to block them altogether, but make it so that coming 
> from these TLDs increases the spam score of that mail.  I wonder how
> I could do that.
> FWIW, I pulled a report of the last 1,000 mails rejected by
> Spamassassin for having too high a score.  Of those, the biggest TLDs
> were: .top 	437
> .com 	314

in mine, .com is about twice that of any other...

I thought that by now it is clear that you should not block/punish by
domain name as it serves no purpose.

You should block the 1,8% (and as ipv4 space becomes more saturated,
further declining) of IP ranges that send 95% of spam...

It used to be 2,5% of ipv4 sends 95% of spam, and as ipv4 becomes more
scarce, I predict that spam / abuse from ipv4 will become even better
monitored and acted upon...

Right now the most spam that gets through dnsbl is from google.com
and yahoo.com 

If you block Google they bounce to their user saying that YOU have a
technical error - even though you are refusing their 'compromized' /
abusive server specifically...

now that behavior is truly evil.

andre

> .stream	43
> .us   	40
> .club  	37
> .gdn	23
> .bid	22
> .faith	12
> 
> Surprisingly, the two-letter country TLDs other than .us were
> basically nonexistent (a handful each from .il, .vn, .co, .ga)
> 

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

References:
- Re: [PLUG] spamassassin help: create a rule to score by sender TLD
  - From: Greg Helledy <gregsonh@gra-inc.com>

Prev by Date: [PLUG] Eric S. Raymond's talk "NTPsec" presented 2016-10-17 @ PLUG West
Next by Date: Re: [PLUG] spamassassin help: create a rule to score by sender TLD
Previous by thread: Re: [PLUG] spamassassin help: create a rule to score by sender TLD
Next by thread: Re: [PLUG] spamassassin help: create a rule to score by sender TLD
Index(es):
- Date
- Thread