I block a lot of these pieces of shit domains, including .cam:
deny
message = 5.7.1 Banned TLD in MAIL FROM
sender_domains =
^(?i).*\\.(accountant|accountants|asia|auto|berlin|bid|buzz|camera|car|cam|cars|casa|christmas|click|club|college|computer|country|cricket|date|design|download|exposed|email|fail|
faith|fit|fun|gdn|global|guru|help|host|jetzt|kim|icu|life|live|link|loan|london|media|men|mom|news|ninja|online|party|photography|pro|protection|pub|racing|realtor|reise|ren|rent|rest|review|rocks|science|security|
shop|site|solutions|space|storage|store|stream|study|surf|tech|technology|theatre|today|top|trade|university|uno|us|viajes|vip|vividal|wang|webcam|website|win|work|works|world|xin|xyz|zip|xn--.*)\$
And also in acl_data:
deny
message = 5.7.1 Banned TLD in MIME From
condition = ${if match
{$h_from:}{^(?i).*\\.(accountant|accountants|asia|auto|berlin|bid|buzz|camera|car|cam|casa|cars|christmas|click|club|college|computer|country|cricket|date|design|download|exposed|email|fail
|faith|fit|fun|gdn|global|guru|help|host|jetzt|kim|icu|life|live|link|loan|london|media|men|mom|news|ninja|online|party|photography|pro|protection|pub|racing|realtor|reise|ren|rent|rest|review|rocks|science|security
|shop|site|solutions|space|storage|store|stream|study|surf|tech|technology|theatre|today|top|trade|university|uno|us|viajes|vip|vividal|wang|webcam|website|win|work|works|world|xin|xyz|zip|xn--.*)>\$}{yes}{no}}
There you have 2 nice blocklists to use in EXIM.
-----Ursprungligt meddelande-----
Från: Anne Mitchell via mailop <[email protected]>
Skickat: den 27 maj 2022 20:03
Till: Hans-Martin Mosner via mailop <[email protected]>
Ämne: [mailop] Any reason to NOT block the entire .cam domain?
We've started getting a fair amount of spam from .cam domains; in fact they all
look the same, using the same HTML template with the same body format, but from
different .cam domain for different 'businesses', so I suspect that one
operation is selling "email marketing" packages to clients and setting it up
for them, especially as they all are sending through their own domains, and,
let's face it, these sorts of spammers usually don't know how to set up their
own MX, etc.. rather than spamming through Google or Outlook.
They are all coming from:
77.73.131.0/24
185.221.66.0/24
they share:
mnt-routes: ashitt
mnt-domains: ashitt
mnt-by: ashitt
A few sample domains are:
stretchch.cam
inogenosx.cam
securetho.cam
livingcois.cam
I have a body of about 20 now (I'm sure I deleted many more) that are all
clearly set up by the same entity, for/from different "businesses" using their
own domains, so it's clearly a spam factory (they are almost certainly
including a mailing list with the setup). Full samples available upon request.
Anyways, can anyone think of a single reason to *not* block all of .cam?
Or, hey, to not get these IPs listed? ;-)
P.S. Aaah, a TLD that can be, in quick-glance, mistaken for .com; good
thinking!
Anne
--
Anne P. Mitchell, Attorney at Law
CEO ISIPP SuretyMail
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Author: The Email Deliverability Handbook Board of Directors, Denver Internet
Exchange Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School Prof.
Emeritus, Lincoln Law School Chair Emeritus, Asilomar Microcomputer Workshop
Counsel Emeritus: Mail Abuse Prevention System (MAPS) (now the anti-spam arm of
TrendMicro)
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
