Well yeah, they can always buy a .com, etc., but right now .stream has nothing 

The last time this discussion came up (not initiated by me if it matters), I 
bought into TLD blocking being bad, but things are different half a year later. 

I suppose I can find a more effective RBL, but the more you add, the more 
likely you get false positives.

  Original Message  
From: /dev/rob0
Sent: Monday, September 19, 2016 6:11 PM
To: postfix-users@postfix.org
Reply To: postfix-users@postfix.org
Subject: Re: TLD blocking revisited

On Mon, Sep 19, 2016 at 05:29:51PM -0700, li...@lazygranch.com wrote:
> The last time TLD blocking came up, the consensus of the hive was 
> not to block based on TLD. (You may recall .xyz being used by 
> Alphabet.) However lately I'm getting a ridiculous number of 
> .stream SPAM coming through. The RBLs are getting about half.
> https://www.spamhaus.org/statistics/tlds/
> I have a hard time believing I will ever get legit mail from a 
> .stream or a .download.

The thing is, I don't think any TLD prescreens its registrants and 
limits domains to spammers only. Anyone can buy one of the new 
domains, whether or not a spammer.

> FWIW, many of the .stream pass SPF, which is perhaps why the RBLs 
> are not being as aggressive.

Certainly not a factor. Most significant DNSBLs operate on the basis 
of spamtraps. If a host is hitting a spamtrap, it will be listed; if 
not it will not be listed. FCrDNS and other niceties are irrelevant.
The DNSBL knows that the traffic is spam, because a good spamtrap is 
an address which was never used.
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

Reply via email to