If you have spamples and they aren't able to be blocked otherwise, a 4tld is certainly something to consider. -- Kevin A. McGrail Member, Apache Software Foundation Chair Emeritus Apache SpamAssassin Project https://www.linkedin.com/in/kmcgrail - 703.798.0171
On Fri, Jan 22, 2021 at 11:55 AM John Hardin <[email protected]> wrote: > Folks: > > I've been seeing more frequently lately phishing that leverages web apps > hosted by Google and Microsoft as a collection point. > > I couple of days ago I added firebaseapp.com and web.app to the default > util_rb_2tld list to cover firebase apps hosted by Google. > > I've just seen a couple of phishes leveraging MS Azure web apps: > > multadetrafico.eastus.cloudapp.azure.com > > multapendente.westus2.cloudapp.azure.com > > Unfortunately these can't be added as they have an Azure zone in the > fourth position and we don't have a util_rb_4tld directive... > > So, topic for discussion: do we need to add a util_rb_4tld for this? > > Related: does URIBL register names that deep? > > > -- > John Hardin KA7OHZ http://www.impsec.org/~jhardin/ > [email protected] pgpk -a [email protected] > key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 > ----------------------------------------------------------------------- > Maxim I: Pillage, _then_ burn. > ----------------------------------------------------------------------- > Tomorrow: John Moses Browning's 166th Birthday >
