ac on 19 Oct 2016 07:41:09 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] spamassassin help: create a rule to score by sender TLD

On Wed, 19 Oct 2016 10:29:24 -0400
Greg Helledy <> wrote:
> My thought was that coming from these TLDs was an indicator of spam,
> but not a guarantee of spam.  There may well be legitimate traffic
> coming from them, now or in the future.
your thoughts, by your own stats, were wrong... - so, read your own
numbers and do not do that!

> So, I don't want to block them altogether, but make it so that coming 
> from these TLDs increases the spam score of that mail.  I wonder how
> I could do that.
> FWIW, I pulled a report of the last 1,000 mails rejected by
> Spamassassin for having too high a score.  Of those, the biggest TLDs
> were: .top 	437
> .com 	314

in mine, .com is about twice that of any other...

I thought that by now it is clear that you should not block/punish by
domain name as it serves no purpose.

You should block the 1,8% (and as ipv4 space becomes more saturated,
further declining) of IP ranges that send 95% of spam...

It used to be 2,5% of ipv4 sends 95% of spam, and as ipv4 becomes more
scarce, I predict that spam / abuse from ipv4 will become even better
monitored and acted upon...

Right now the most spam that gets through dnsbl is from

If you block Google they bounce to their user saying that YOU have a
technical error - even though you are refusing their 'compromized' /
abusive server specifically...

now that behavior is truly evil.


> .stream	43
> .us   	40
> .club  	37
> .gdn	23
> .bid	22
> .faith	12
> Surprisingly, the two-letter country TLDs other than .us were
> basically nonexistent (a handful each from .il, .vn, .co, .ga)

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --