The pattern is that I fetched it regularly from the spamhaus gTLD list, but 
also downloaded some "suspicious" ones from the "gTLD ICANN website" (which 
lists all the custom gTLDs registered).
Those that sound "spammy" enough.

https://newgtlds.icann.org/en/program-status/delegated-strings

Here I picked a lot of the TLDs.

And berlin was a manual block after getting a lot of travel spam advertisement 
from .berlin spammers.
Same with .us, that was a manual (wrong) block, but found out now that it's 
actually a ccTLD that should never be blocked, so unblocked it. The gTLDs (the 
new ones, not the "classic" ones) are such spam holes.


Use that site above to find all the "custom" gTLDs and then block the ones that 
sound "too spammy".

-----Original message-----
From: Carsten Schiefner via mailop <mailop@mailop.org> 
Sent: 3 November 2024 09:14
To: Mailing List <mailop@mailop.org>
Subject: Re: [mailop] Gmail not accepting the spam they sent themselves

Sebastian & all -

two character TLDs are always country code TLDs („ccTLDs“) and never generic 
TLDs („gTLDs“), maintained and organized in the ICANN framework.

Besides that: Why do you block only .berlin, but not some or even all of the 
other gTLDs representing cities or regions?

Even more, I can’t really spot a pattern at all in your blocking regex, it 
appears as a random collection of TLDs. Which is obviously totally fine in 
general - I’d just like to better understand how a certain TLD has made it onto 
that list.

Thanks & best,

-C.

> On 02.11.2024 at 21:36, Sebastian Nielsen via mailop 
> <mailop@mailop.org> wrote:
> 
> Ooh, the .us was an accidental block from me. Lol. I got a lot of 
> spam like domains similar to doctors.helping.us and such. And I 
> thought .us was one of those crappy new ICANN gTLDs. (call them spam 
> funnels if you want, they basically collect all spam on the internet 
> and blow it towards mailservers)
> 
> Thanks for pointing out .us, gonna unblock it now.
> 
> 
> Worst offender for me is *.xyz
> It's just filling up my logs with garbage. Hope *.xyz is nuked totally 
> from orbit
> 
> .shop, .pro, .online and .email are blasting out pretty much spam.
> 
> I would consider .online a fraud domain, I would NEVER order anything 
> from .online. So much fraud and illegitimate sites on .online. Same with 
> .shop. Just scammers popping up their crap.
> 
> .top blasts out pretty much spam, also lots of hacking attempts and 
> spoof from *.top
> 
> 
> 2023-03-06 18:46:59 H=(wuanlaw.top) [106.55.16.123] rejected MAIL 
> <xap...@wuanlaw.top>: 5.7.1 Banned TLD
> 2023-03-11 07:17:48 H=(darvin.top) [124.221.158.202] rejected MAIL 
> <gub...@darvin.top>: 5.7.1 Banned TLD
> 2023-03-16 07:35:51 H=i-org.top [106.75.13.182] rejected MAIL 
> <mail...@i-org.top>: 5.7.1 Banned TLD
> 2023-03-16 08:36:18 H=i-org.top [106.75.13.182] rejected MAIL 
> <mail...@i-org.top>: 5.7.1 Banned TLD
> 
> 2023-04-28 15:42:08 H=hwsrv-1063153.hostwindsdns.com 
> (mta0.savethechildenofturkeiy.top) [104.168.246.184] 
> X=TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_256_GCM:256 CV=no 
> rejected MAIL <sebast...@sebbe.eu>: 5.7.0 You can't spoof the domains 
> this server is authorative for
> 2023-06-30 11:32:57 H=slot0.cedarstz.top (GTwG7V3hE) [185.28.39.60] 
> rejected MAIL <sebast...@sebbe.eu>: 5.7.0 You can't spoof the domains 
> this server is authorative for
> 
> 2023-06-30 11:32:58 SMTP protocol error in "AUTH LOGIN" 
> H=slot0.cedarstz.top (PTUXWX3CW) [185.28.39.60] AUTH command used when 
> not advertised *REPEATED LIKE 50 TIMES*
> 2023-06-30 11:40:32 SMTP protocol error in "AUTH LOGIN" 
> H=slot0.cedarstz.top (rzA35F9) [185.28.39.60] AUTH command used when 
> not advertised
> 
> 2023-06-30 11:41:06 H=slot0.cedarstz.top (psGLswu) [185.28.39.60] 
> rejected MAIL <sebast...@sebbe.eu>: 5.7.0 You can't spoof the domains 
> this server is authorative for
> 
> 
> 
> So no, just nuke .top from orbit too. So much abuse originating from 
> *.top
> 
> 
> Here is a good list if you want to block fewer TLDs, just block the top 50 
> gTLDs that aren't the "common" ones:
> 
> https://www.spamhaus.org/reputation-statistics/gtlds/domains
> 
> .top is #19 on that list so clearly a spam blaster.
> 
> 
> -----Original message-----
> From: Jaroslaw Rafa via mailop <mailop@mailop.org>
> Sent: 2 November 2024 20:55
> To: mailop@mailop.org
> Subject: Re: [mailop] Gmail not accepting the spam they sent themselves
> 
> On 2.11.2024 at 18:45:13, Sebastian Nielsen via mailop wrote:
>> My blocklist is:
>> 
>> /\.(accountant|accountants|asia|auto|berlin|bid|buzz|camera|car|cam|cars|casa|cfd|christmas|click|club|college|computer|country|cricket|cyou|date|design|download|exposed|email|fail|faith|finance|fit|fun|gdn|global|guru|help|host|jetzt|kim|icu|life|live|link|loan|london|media|men|mom|news|ninja|online|page|party|photography|pro|protection|pub|racing|realtor|reise|ren|rent|rest|review|rocks|science|security|shop|site|solutions|space|storage|store|stream|study|surf|tech|technology|theatre|today|top|trade|university|uno|us|viajes|vip|vividal|wang|webcam|website|win|work|works|world|xin|xyz|zip|xn--.*)$/
> 
> I have seen quite a lot of legitimate email sent from *.shop and *.pro 
> domains, and *.us is USA country code TLD and it's something like standard 
> for schools (and some more public institutions) in USA to have subdomains in 
> it. So I would advise against blocking these, because you might lose 
> legitimate mail.
> 
> I have also encountered legitimate websites and email addresses in *.online 
> and *.email, but these were just a few cases, maybe ten in total. But one 
> particular message coming from an *.online domain was very important for me, 
> as it was a document I have ordered, and it would be quite a trouble for me 
> if I'd lose that mail due to blocking the .online TLD.
> 
> I have also seen quite legitimate websites in *.top, but no mail from this 
> domain.
> 
> For the rest of the above TLDs, I haven't even seen a useful website with an 
> address in any of these domains. But I don't block them because I get 
> absolutely no mail from them. All the spam coming to my server is from 
> "traditional" .com/.org/.net etc. TLDs.
> --
> Regards,
>   Jaroslaw Rafa
>   r...@rafa.eu.org
> --
> "In a million years, when kids go to school, they're gonna know: once there 
> was a Hushpuppy, and she lived with her daddy in the Bathtub."
> _______________________________________________
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
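An added example, not part of the thread or of any poster's configuration: a small lint-and-test harness for a TLD blocklist like the one quoted above. It drops two-letter entries (ccTLDs, as noted in the thread), checks sample envelope senders, and counts "Banned TLD" rejections per TLD from log lines. The candidate list, function names, sample addresses and log lines are constructed for illustration. The tighter `xn--[a-z0-9-]+` entry is an assumption of this example; it is used because `xn--.*` also matches a punycode label in the middle of a name such as `mail.xn--mnchen-3ya.de`.

```python
import re
from collections import Counter

# Constructed subset of the thread's list, including the mistaken "us" entry.
# The IDN entry is tightened from "xn--.*" so it only matches the final label.
CANDIDATES = ["berlin", "email", "online", "shop", "top", "us", "xyz",
              "xn--[a-z0-9-]+"]

def build_tld_regex(candidates):
    """Return (compiled regex, dropped entries). Two-letter labels are ccTLDs
    and are dropped, which catches an accidental .us block before deployment."""
    dropped = [t for t in candidates if re.fullmatch(r"[a-z]{2}", t)]
    kept = [t for t in candidates if t not in dropped]
    # Literal dot plus end anchor, so "laptop.example" does not match "top".
    pattern = re.compile(r"\.(?:" + "|".join(kept) + r")$", re.IGNORECASE)
    return pattern, dropped

def is_blocked(pattern, address):
    """Check the domain part of an envelope sender against the TLD regex."""
    domain = address.rsplit("@", 1)[-1].rstrip(".")
    return bool(pattern.search(domain))

# Constructed log lines in the same shape as the rejections quoted in the thread.
SAMPLE_LOG = """\
2024-11-01 10:00:01 H=(mail.example.top) [192.0.2.10] rejected MAIL <a@mail.example.top>: 5.7.1 Banned TLD
2024-11-01 10:05:17 H=(example.xyz) [198.51.100.7] rejected MAIL <b@example.xyz>: 5.7.1 Banned TLD
2024-11-01 10:09:44 H=(other.example.top) [192.0.2.11] rejected MAIL <c@other.example.top>: 5.7.1 Banned TLD
2024-11-01 10:12:03 H=(relay.example.net) [203.0.113.5] rejected MAIL <d@example.org>: 5.7.0 Spoofed sender
"""

REJECT_RE = re.compile(r"rejected MAIL <[^>@]*@([^>]+)>: 5\.7\.1 Banned TLD")

def banned_tld_counts(log_text):
    """Count 'Banned TLD' rejections per TLD to see which entries earn their keep."""
    counts = Counter()
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m:
            counts[m.group(1).rsplit(".", 1)[-1].lower()] += 1
    return counts

if __name__ == "__main__":
    pattern, dropped = build_tld_regex(CANDIDATES)
    print("dropped ccTLD entries:", dropped)
    for addr in ["x@school.k12.ca.us", "x@example.top", "x@mail.xn--mnchen-3ya.de"]:
        print(addr, "blocked" if is_blocked(pattern, addr) else "accepted")
    print(dict(banned_tld_counts(SAMPLE_LOG)))
```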