spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Hardin <jhar...@impsec.org>
Subject Re: Frequency of SUSP_NTLD updates
Date Wed, 01 Jul 2020 17:20:50 GMT
On Wed, 1 Jul 2020, @lbutlr wrote:

> On 30 Jun 2020, at 09:31, RW <rwmaillists@googlemail.com> wrote:
>> On Tue, 30 Jun 2020 11:30:17 +0000
>> Roald Stolte wrote:
>>
>>> These mails were all using TLDs such as .site and .online and were
>>> getting marked because of it.
>
> Are others seeing a decrease in spam from .site and .online? All I see 
> from these TLD is 100% spam. They are not at the volume that .top was 
> when this free-for all on TLDs started, but they are not generating any 
> legitimate mail on my servers.

That matches my experience.

>> You could just drop the score for FROM_SUSPICIOUS_NTLD &
>> FROM_SUSPICIOUS_NTLD_FP.
>
> This is probably the best way, but I'd be wary of dropping it too much.

Especially as the rule covers *other* rarely-legit TLDs as well, and that 
would impact their scoring.

I'd suggest instead a rule with an offsetting negative score (not 
necessarily an actual whitelist/accept entry as that's *too* generous) for 
the TLDs (or if possible the specific domains in those TLDs) that are 
causing problems.

I realize this isn't really a welcome solution per the original note but 
until the legitimate use of those TLDs grows the rules punishing them do 
have value.


-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   Microsoft is not a standards body.
-----------------------------------------------------------------------
  3 days until the 244th anniversary of the Declaration of Independence

Mime
View raw message