On Sat, 13 Mar 2021, Kevin A. McGrail wrote:

If you have spamples and they aren't able to be blocked otherwise, a 4tld
is certainly something to consider.

I have a ruleset generated from my spam corpus in my sandbox. But that's just based on the (relative) trickle of spam me and my wife get.

They have quieted down recently. I don't know whether it's because that technique isn't working out, or they just haven't targeted me lately.

--
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171


On Fri, Jan 22, 2021 at 11:55 AM John Hardin <[email protected]> wrote:

Folks:

I've been seeing more frequently lately phishing that leverages web apps
hosted by Google and Microsoft as a collection point.

A couple of days ago I added firebaseapp.com and web.app to the default
util_rb_2tld list to cover firebase apps hosted by Google.

I've just seen a couple of phishes leveraging MS Azure web apps:

   multadetrafico.eastus.cloudapp.azure.com

   multapendente.westus2.cloudapp.azure.com

Unfortunately these can't be added as they have an Azure zone in the
fourth position and we don't have a util_rb_4tld directive...

So, topic for discussion: do we need to add a util_rb_4tld for this?

Related: does URIBL register names that deep?

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 [email protected]                         pgpk -a [email protected]
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  Failure to plan ahead on someone else's part does not constitute
  an emergency on my part.                 -- David W. Barts in a.s.r
-----------------------------------------------------------------------
 Tomorrow: Daylight Saving Time begins in U.S. - Spring Forward
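
Added example, not part of the thread and not SpamAssassin's own code: a simplified Python model of suffix-based domain trimming, showing why the two Azure hostnames quoted above collapse to a shared region name unless a four-label suffix level exists. The suffix tables, the `trim_domain` and `compare` helpers, the three-label depth limit and the `example-project.web.app` host are assumptions made for illustration.

```python
# Simplified model of registry-boundary trimming (illustration only).
# Suffix tables are constructed; they are not SpamAssassin's shipped lists.

TLDS = {"com", "app"}                        # one-label suffixes
TWO_LEVEL = {"firebaseapp.com", "web.app"}   # the 2tld additions named in the thread
THREE_LEVEL = {"cloudapp.azure.com"}         # hypothetical three-label entry
FOUR_LEVEL = {                               # hypothetical four-label entries
    "eastus.cloudapp.azure.com",
    "westus2.cloudapp.azure.com",
}
TABLES = {1: TLDS, 2: TWO_LEVEL, 3: THREE_LEVEL, 4: FOUR_LEVEL}


def trim_domain(host, max_depth=3):
    """Return the longest known suffix (at most max_depth labels) plus one label."""
    host = host.lower().rstrip(".")
    labels = host.split(".")
    # Try the deepest allowed suffix first so the most specific boundary wins.
    for depth in range(min(max_depth, len(labels) - 1), 0, -1):
        suffix = ".".join(labels[-depth:])
        if suffix in TABLES.get(depth, ()):
            return ".".join(labels[-(depth + 1):])
    return host  # no known boundary: leave the host unchanged


SAMPLES = [
    "multadetrafico.eastus.cloudapp.azure.com",   # from the thread
    "multapendente.westus2.cloudapp.azure.com",   # from the thread
    "example-project.web.app",                    # constructed
]


def compare(hosts):
    """Pair each host with its trimmed form at depth 3 and at depth 4."""
    return [(h, trim_domain(h, 3), trim_domain(h, 4)) for h in hosts]


if __name__ == "__main__":
    for host, at3, at4 in compare(SAMPLES):
        print(f"{host}\n  depth<=3: {at3}\n  depth<=4: {at4}")
```

With a three-label limit, both phishing hosts trim to a region-level name shared by every tenant in that region, so a domain-keyed lookup cannot tell one tenant from another; only the four-label level yields a per-tenant key.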
