Hello Sebastian, well that is a perfect example why shunning tlds is difficult. Your users will never be able to get tickets for the botanical garden in Berlin (www.bo.berlin). Let us not dive into the universities like the Technische Universität Berlin at www.tu.berlin. And, of course, you might miss this reply alltogether (sender from posel.email).
Well your server your rules, of course. Best regards Johannes Von meinem iPhone gesendet > Am 27.05.2022 um 21:17 schrieb Sebastian Nielsen via mailop > <[email protected]>: > > I block a lot of these pieces of shit domains, including .cam: > > deny > message = 5.7.1 Banned TLD in MAIL FROM > sender_domains = > ^(?i).*\\.(accountant|accountants|asia|auto|berlin|bid|buzz|camera|car|cam|cars|casa|christmas|click|club|college|computer|country|cricket|date|design|download|exposed|email|fail| > faith|fit|fun|gdn|global|guru|help|host|jetzt|kim|icu|life|live|link|loan|london|media|men|mom|news|ninja|online|party|photography|pro|protection|pub|racing|realtor|reise|ren|rent|rest|review|rocks|science|security| > shop|site|solutions|space|storage|store|stream|study|surf|tech|technology|theatre|today|top|trade|university|uno|us|viajes|vip|vividal|wang|webcam|website|win|work|works|world|xin|xyz|zip|xn--.*)\$ > > And also in acl_data: > > deny > message = 5.7.1 Banned TLD in MIME From > condition = ${if match > {$h_from:}{^(?i).*\\.(accountant|accountants|asia|auto|berlin|bid|buzz|camera|car|cam|casa|cars|christmas|click|club|college|computer|country|cricket|date|design|download|exposed|email|fail > |faith|fit|fun|gdn|global|guru|help|host|jetzt|kim|icu|life|live|link|loan|london|media|men|mom|news|ninja|online|party|photography|pro|protection|pub|racing|realtor|reise|ren|rent|rest|review|rocks|science|security > |shop|site|solutions|space|storage|store|stream|study|surf|tech|technology|theatre|today|top|trade|university|uno|us|viajes|vip|vividal|wang|webcam|website|win|work|works|world|xin|xyz|zip|xn--.*)>\$}{yes}{no}} > > > There you have 2 nice blocklists to use in EXIM. > > -----Ursprungligt meddelande----- > Från: Anne Mitchell via mailop <[email protected]> > Skickat: den 27 maj 2022 20:03 > Till: Hans-Martin Mosner via mailop <[email protected]> > Ämne: [mailop] Any reason to NOT block the entire .cam domain? > > We've started getting a fair amount of spam from .cam domains; in fact they > all look the same, using the same HTML template with the same body format, > but from different .cam domain for different 'businesses', so I suspect that > one operation is selling "email marketing" packages to clients and setting it > up for them, especially as they all are sending through their own domains, > and, let's face it, these sorts of spammers usually don't know how to set up > their own MX, etc.. rather than spamming through Google or Outlook. > > They are all coming from: > > 77.73.131.0/24 > 185.221.66.0/24 > > they share: > > mnt-routes: ashitt > mnt-domains: ashitt > mnt-by: ashitt > > A few sample domains are: > > stretchch.cam > inogenosx.cam > securetho.cam > livingcois.cam > > I have a body of about 20 now (I'm sure I deleted many more) that are all > clearly set up by the same entity, for/from different "businesses" using > their own domains, so it's clearly a spam factory (they are almost certainly > including a mailing list with the setup). Full samples available upon request. > > Anyways, can anyone think of a single reason to *not* block all of .cam? > > Or, hey, to not get these IPs listed? ;-) > > P.S. Aaah, a TLD that can be, in quick-glance, mistaken for .com; good > thinking! > > Anne > > -- > Anne P. Mitchell, Attorney at Law > CEO ISIPP SuretyMail > Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law) > Author: The Email Deliverability Handbook Board of Directors, Denver Internet > Exchange Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School Prof. > Emeritus, Lincoln Law School Chair Emeritus, Asilomar Microcomputer Workshop > Counsel Emeritus: Mail Abuse Prevention System (MAPS) (now the anti-spam arm > of TrendMicro) > > _______________________________________________ > mailop mailing list > [email protected] > https://list.mailop.org/listinfo/mailop > > _______________________________________________ > mailop mailing list > [email protected] > https://list.mailop.org/listinfo/mailop
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
