spamassassin-users mailing list archives

From Jason Bertoch <>
Subject Re: Constant .info domain spam
Date Fri, 15 Oct 2010 00:59:29 GMT
  On 10/14/2010 8:26 PM, Julian Yap wrote:
> On Thu, Oct 14, 2010 at 4:24 AM, Jason Bertoch<>  wrote:
>> On 2:59 PM, Julian Yap wrote:
>>> NOTE: I changed the domains below to 'dot info' as the mailing list
>>> rejected my initial submission.
>>> I'm pretty sure it's not just me but there is some constant spamming
>>> from dot info domains.  Perhaps for the past 2 months or so.
>>> Often they send hundreds per day and consistently from the same IPs.
>> dot info domains hadn't crossed my radar, but I decided to look anyway and
>> found that my logs agree with your notion that 99% (100%?) of dot info From:
>> addresses are spam.  Roughly 75% of mine are caught at the door by RBLs at
>> the MTA level.  Of the ones that get through, another 75% score above my
>> reject threshold.  A simple rule to bump the points of any dot info From:
>> address has now pushed everything to the tag level, and even many of the
>> tags to rejects.
>> For what it's worth, the ones making it past the RBLs in the MTA do not
>> match any stock RCVD_IN_* rules.
> I think I'm going to write my own logic and block things at the MTA
> level.  Implement my own local RBL based on some algorithms.

For what it's worth, the rule I'm using is:

# .info domains 99% spam (100%?)
header     JB_FROM_INFO_TLD     From:addr =~ /\@*\.info$/i
describe     JB_FROM_INFO_TLD     From: address in .info TLD
score     JB_FROM_INFO_TLD     .01

Although broad rules such as this are generally discouraged, a score of 
3 has proven effective based on my mail flow.
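
An added example, not part of the original message: a way to check a broad TLD rule like the one above against your own labelled mail before choosing its score. It reuses the regex from the posted rule, approximates `From:addr` with Python's `parseaddr`, and assumes a tag threshold of 5.0 (SpamAssassin's default `required_score`); the sample messages, their scores and labels are constructed.

```python
import re
from email.utils import parseaddr

# Regex copied from the JB_FROM_INFO_TLD rule. "\@*" matches zero or more "@",
# so in practice the rule fires on any address that ends in ".info".
RULE_RE = re.compile(r"\@*\.info$", re.I)

def rule_hits(from_header):
    """Approximate From:addr (address part only), then apply the rule regex."""
    addr = parseaddr(from_header)[1]
    return bool(addr) and RULE_RE.search(addr) is not None

def evaluate(messages, rule_score, tag_threshold=5.0):
    """Count rule hits by label and the verdicts that the extra score flips."""
    stats = {"spam_hits": 0, "ham_hits": 0,
             "newly_tagged_spam": 0, "newly_tagged_ham": 0}
    for from_header, base_score, is_spam in messages:
        if not rule_hits(from_header):
            continue
        label = "spam" if is_spam else "ham"
        stats[label + "_hits"] += 1
        # Message was below the threshold and the rule pushes it over.
        if base_score < tag_threshold <= base_score + rule_score:
            stats["newly_tagged_" + label] += 1
    return stats

# Constructed sample: (From header, score from all other rules, hand label).
SAMPLE = [
    ("Deals <promo@offers.example.info>", 3.1, True),
    ("news@bulk.example.info", 4.6, True),
    ("<WIN@EXAMPLE.INFO>", 1.2, True),
    ("Alice <alice@library.example.info>", 2.4, False),  # legitimate .info sender
    ("info@example.com", 0.5, False),                    # "info" local part only
    ("bob@example.info.example.net", 4.9, True),         # ".info" not the TLD
]

if __name__ == "__main__":
    for score in (0.01, 3.0):
        print(score, evaluate(SAMPLE, score))
```

The `newly_tagged_ham` count is the number to watch: it is the false-positive cost of raising the score on your own mail flow.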

