Keith C. Perry on 21 Oct 2016 07:36:20 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] spamassassin help: create a rule to score by sender TLD


This whole thread is why I tell new people coming into the IT field that managing mail servers is around the most miserable thing we have to do...

...other than fight with the wonderful world of the MS drones  :D

That said, Charlie said,

"Furthermore, probably the easiest and most fruitful way to avoid getting
spam at all (before it hits any filters or daemons you set up) is to
just not post the raw email address anywhere on the web. Have obfuscated
JavaScript generate the string instead, or use HTML/CSS's built-in
right-to-left functionality to display it if you absolutely positively
need to display the raw address."

THAT...

To go a step further.  Use role accounts, "throw-away" or "burnable" accounts for services when ever you can.

You have to treat spam as a security issue.  That means where you can't use the trivial solution (i.e. delete the receiving account or change servers) or "broad sword" approach (i.e. block countries) you increase ingress time- everything from throttling SMTP traffic to obfuscating real email addresses applies.

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ 
Keith C. Perry, MS E.E. 
Owner, DAO Technologies LLC 
(O) +1.215.525.4165 x2033 
(M) +1.215.432.5167 
www.daotechnologies.com

----- Original Message -----
From: "Charlie Li" <ml+PLUG@vishwin.info>
To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Sent: Wednesday, October 19, 2016 12:20:40 AM
Subject: Re: [PLUG] spamassassin help: create a rule to score by sender TLD

On 18/10/16 13:42, ac wrote:
>> If you've done something similar, are there other problematic domains 
>> that seem to generate a lot of spam and are unlikely to house
>> legitimate mail senders?  I will stay away from the country-based
>> ones because we do get mail from foreign contacts.  It's more the new
>> TLDs I'm worried about... .xyz is another one I noticed and would
>> probably score.
>>
> I would not do this in that way as there may be legit domains @ .xyz
> or .top and your users (if you are a hosting co) may/will complain
> about dropping legit email...
> 
Indeed. I recently registered a .xyz myself and will be used for my
upcoming business. I know a few people who also use .xyz as their
personal domain for their website and of course email.
> best way to stop spam is still the dnsbl, like SpamCop.net &
> superblock.ascams.com & spamhaus/org etc etc
> 
Exactly.

Furthermore, probably the easiest and most fruitful way to avoid getting
spam at all (before it hits any filters or daemons you set up) is to
just not post the raw email address anywhere on the web. Have obfuscated
JavaScript generate the string instead, or use HTML/CSS's built-in
right-to-left functionality to display it if you absolutely positively
need to display the raw address.

-- 
Charlie Li
Can't think of a witty .sigline today…

(This email address is for mailing list use only;
replace local-part with vishwin for off-list communication)


___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug