Sebastian & all - two character TLDs are always country code TLDs („ccTLDs“) and never generic TLDs („gTLDs“), maintained and organized in the ICANN framework.
Besides that: Why do you block only .berlin, but not some or even all of the other gTLDs representing cities or regions? Even more, I can’t really spot a pattern at all in your blocking regex, it appears as a random collection of TLDs. Which is obviously totally fine in general - I’d just like to better understand how a certain TLD has made it onto that list. Thanks & best, -C. > Am 02.11.2024 um 21:36 schrieb Sebastian Nielsen via mailop > <mailop@mailop.org>: > > Ooh, the .us was a accidential block from me. Lol. I got a lot of spam like > domains similiar to doctors.helping.us and such. And I tought .us was one of > those crappy new ICANN gTLDs. (call them spam funnels if you want, they > basically collect all spam on the internet and blows it towards mailservers) > > Thanks for pointing out .us gonna unblock it now. > > > Worst offender for me is *.xyz > Its just filling up my logs with garbage. Hope *.xyz is nuked totally from > orbit > > .shop, .pro, .online and .email is blasting out pretty much spam. > > I would consider .online a fraud domain, I would NEVER order anything from > .online . So much fraud and illegitimate sites on .online > Same with .shop. Just scammers popping up their crap. > > .top blasts out pretty much spam, altso lots of hacking attempts and spoof > from *.top > > > 2023-03-06 18:46:59 H=(wuanlaw.top) [106.55.16.123] rejected MAIL > <xap...@wuanlaw.top>: 5.7.1 Banned TLD > 2023-03-11 07:17:48 H=(darvin.top) [124.221.158.202] rejected MAIL > <gub...@darvin.top>: 5.7.1 Banned TLD > 2023-03-16 07:35:51 H=i-org.top [106.75.13.182] rejected MAIL > <mail...@i-org.top>: 5.7.1 Banned TLD > 2023-03-16 08:36:18 H=i-org.top [106.75.13.182] rejected MAIL > <mail...@i-org.top>: 5.7.1 Banned TLD > > 2023-04-28 15:42:08 H=hwsrv-1063153.hostwindsdns.com > (mta0.savethechildenofturkeiy.top) [104.168.246.184] > X=TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_256_GCM:256 CV=no rejected > MAIL <sebast...@sebbe.eu>: 5.7.0 You can't spoof the domains this server is > authorative for > 2023-06-30 11:32:57 H=slot0.cedarstz.top (GTwG7V3hE) [185.28.39.60] rejected > MAIL <sebast...@sebbe.eu>: 5.7.0 You can't spoof the domains this server is > authorative for > > 2023-06-30 11:32:58 SMTP protocol error in "AUTH LOGIN" H=slot0.cedarstz.top > (PTUXWX3CW) [185.28.39.60] AUTH command used when not advertised > *REPEATED LIKE 50 TIMES* > 2023-06-30 11:40:32 SMTP protocol error in "AUTH LOGIN" H=slot0.cedarstz.top > (rzA35F9) [185.28.39.60] AUTH command used when not advertised > > 2023-06-30 11:41:06 H=slot0.cedarstz.top (psGLswu) [185.28.39.60] rejected > MAIL <sebast...@sebbe.eu>: 5.7.0 You can't spoof the domains this server is > authorative for > > > > So no, just nuke .top from orbit too. Soo much abuse originating from *.top > > > Here is a good list if you want to block less TLDs, just block the top 50 > gTLDs that isn't the "common" ones: > > https://www.spamhaus.org/reputation-statistics/gtlds/domains > > .top is #19 on that list so clearly a spam blaster. > > > -----Ursprungligt meddelande----- > Från: Jaroslaw Rafa via mailop <mailop@mailop.org> > Skickat: den 2 november 2024 20:55 > Till: mailop@mailop.org > Ämne: Re: [mailop] Gmail not accepting the spam they sent themselves > > Dnia 2.11.2024 o godz. 18:45:13 Sebastian Nielsen via mailop pisze: >> My blocklist is: >> >> /\.(accountant|accountants|asia|auto|berlin|bid|buzz|camera|car|cam|ca >> rs|casa|cfd|christmas|click|club|college|computer|country|cricket|cyou >> |date|design|download|exposed|email|fail|faith|finance|fit|fun|gdn|glo >> bal|guru|help|host|jetzt|kim|icu|life|live|link|loan|london|media|men| >> mom|news|ninja|online|page|party|photography|pro|protection|pub|racing >> |realtor|reise|ren|rent|rest|review|rocks|science|security|shop|site|s >> olutions|space|storage|store|stream|study|surf|tech|technology|theatre >> |today|top|trade|university|uno|us|viajes|vip|vividal|wang|webcam|webs >> ite|win|work|works|world|xin|xyz|zip|xn--.*)$/ > > I have seen quite a lot of legitimate email sent from *.shop and *.pro > domains, and *.us is USA country code TLD and it's something like standard > for schools (and some more public institutions) in USA to have subdomains in > it. So I would advise against blocking these, because you might lose > legitimate mail. > > I have also encountered legitimate websites and email addresses in *.online > and *.email, but these were just a few cases, maybe ten in total. But one > particular message coming from an *.online domain was very important for me, > as it was a document I have ordered, and it would be quite a trouble for me > if I'd lose that mail due to blocking the .online TLD. > > I have also seen quite legitimate websites in *.top, but no mail from this > domain. > > For the rest of the above TLDs, I haven't even seen a useful website with an > address in any of these domains. But I don't block them because I get > absolutely no mail from them. All the spam coming to my server is from > "traditional" .com/.org/.net etc. TLDs. > -- > Regards, > Jaroslaw Rafa > r...@rafa.eu.org > -- > "In a million years, when kids go to school, they're gonna know: once there > was a Hushpuppy, and she lived with her daddy in the Bathtub." > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop > > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
