Just spotted my first snow with the TLD ".jetzt".
It's selling for $1.88 at NameCheap so should become widespread.
On Sat, 05 Nov 2016, at 11:54, @lbutlr (kreme.com) wrote:
>We get some (very little) real mail from info, biz, and name domains.
>All the other new domains are on a "prove you're not
On 05 Nov 2016, at 11:54, @lbutlr wrote:
>
> tad’s will be quite efferent
tld’s will be quite different
dunno what happened there.
On 03 Nov 2016, at 10:27, Vincent Fox wrote:
> XYZ insights anyone? They have been on my reject list
> for a long time, but claim to be cleaning it up. Thinking to
> drop my shields on this one.
I am still blocking most any TLDs via postfix:
7.59%)
Per that, TOP accounts for 64% of the problem.
SCIENCE is next at a mere 8%.
While XYZ comes in at #15 on the SURBL abused domains list
at present in raw numbers, as a percentage of it's email volume
it seems it's abuse is quite low.
________
From: Shawn Bakhtiar
On Thu, 3 Nov 2016, Vincent Fox wrote:
TOP remains at the err... top of abuse heap.
XYZ insights anyone? They have been on my reject list for a long time
This is an interesting statistics page I had not seen before:
https://ntldstats.com/fraud
Hmm. Autoforward them all to the ICANN board
gt;
Sent: Thursday, November 3, 2016 9:33:59 AM
To: users@spamassassin.apache.org
Subject: Re: Anyone else just blocking the ".top" TLD?
Unless you have customers/employees/vendors complaining that they are not
receiving legitimate email from that TLD why would you un block it??
On Nov
Resurrecting thread
TOP remains at the err... top of abuse heap.
XYZ insights anyone? They have been on my reject list
for a long time, but claim to be cleaning it up. Thinking to
drop my shields on this one.
https://gen.xyz/blog/antiabuse
Unless you have customers/employees/vendors complaining that they are not
receiving legitimate email from that TLD why would you un block it??
On Nov 3, 2016, at 9:27 AM, Vincent Fox
> wrote:
Resurrecting thread
TOP remains at the err...
Getting tons of this:
top.professional.wo...@ub6eual.cpatter.top
I am Just blocking "*.top"
From: Vincent Fox [mailto:vb...@ucdavis.edu]
Sent: Thursday, November 03, 2016 9:27 AM
To: users@spamassassin.apache.org
Subject: Re: Anyone else just blocking the
On Thu, 2016-09-08 at 13:44 +, Chip M. wrote:
> On Thu, 8 Sep 2016, "lists [at] rhsoft.net" wrote:
> >
> > i get a diff-output per mail each time the mailserver configs
> > are changing
> That's a completely valid approach, and I am a big fan of
> pre-emptive first strike (only as applied to
On 09 Jul 2016, at 08:32, jaso...@mail-central.com wrote:
>
> Fwiw, atm I block all of the following TLDs
> [big list]
> That list is auto-generated. Any & all TLDs that have sent > 100 messages
> within the last year *AND* have a spam/reject rate >= 99% get blocked by TLD,
> never get past
Am 08.09.2016 um 15:44 schrieb Chip M.:
On Thu, 8 Sep 2016, "lists [at] rhsoft.net" wrote:
i get a diff-output per mail each time the mailserver configs
are changing
That's a completely valid approach, and I am a big fan of
pre-emptive first strike (only as applied to potentially evil
On Thu, 8 Sep 2016, "lists [at] rhsoft.net" wrote:
>i get a diff-output per mail each time the mailserver configs
>are changing
That's a completely valid approach, and I am a big fan of
pre-emptive first strike (only as applied to potentially evil
email).
However, the vast majority of those TLDs
Am 08.09.2016 um 10:33 schrieb Chip M.:
On Sat, 09 Jul 2016, jasonsu wrote:
Fwiw, atm I block all of the following TLDs
...
men,
..
That list is auto-generated. Any & all TLDs that have
sent > 100 messages within the last year *AND* have a
Great approach Jason! :)
".men" just recently
On Sat, 09 Jul 2016, jasonsu wrote:
>Fwiw, atm I block all of the following TLDs
...
>men,
..
>That list is auto-generated. Any & all TLDs that have
>sent > 100 messages within the last year *AND* have a
Great approach Jason! :)
".men" just recently appeared in my data, and is not showing up
Am 16.07.2016 um 21:48 schrieb Jonathan Nichols:
I’m just blocking them. .top has been nothing but spam. Looking at my logs,
.top accounts for over 90% of the rejected email nowadays.
But I’m just doing it in Postfix and this has been working fine. Any ones that
I need to whitelist, I just
On Sat, Jul 16, 2016, at 12:48 PM, Jonathan Nichols wrote:
> I’m just blocking them. .top has been nothing but spam. Looking at my logs,
> .top accounts for over 90% of the rejected email nowadays.
you can of course do what you want, but IMO it bears mention for others'
awareness that
#
>>
>> On Wed, Apr 27, 2016 at 5:39 PM, @lbutlr wrote:
>> On Apr 27, 2016, at 2:06 PM, Olivier Coutu wrote:
>> > I have affected a hefty penalty in SA to any mail that comes from one of
>> > these TLDs:
>> >
>> >
Am 16.07.2016 um 16:43 schrieb Max Watkins aka Maciej Hryckiewicz:
What will be best approach to block it in EXIM ?
Ack rule with lookup in text file ?
How would you prevent legit domain from being blocked for example block
.book but not book.com?
On Saturday 16 July 2016 at 16:43:00, Max Watkins aka Maciej Hryckiewicz
wrote:
> What will be best approach to block it in EXIM ?
> Ack rule with lookup in text file ?
Good plan. Here's what I found from a Google search for "exim block domain":
What will be best approach to block it in EXIM ?
Ack rule with lookup in text file ?
How would you prevent legit domain from being blocked for example block .book
but not book.com?
Thanks,
Max
> On Apr 28, 2016, at 12:40 AM, Sergio wrote:
>
> This is what I block:
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
jaso...@mail-central.com kirjoitti 9.7.2016 18:41:
> With what's left, I'm "99% sure(tm)" I could probably run my server on
> an RPi ;-)
>
> Bottom line is, it costs me less time, resource & effort, and my users
> are happy. Which makes me happy.
On Sat, Jul 9, 2016, at 08:28 AM, Groach wrote:
> But that said, in fairness, of all the spam we do receive, from what I
> can tell, is already handled and dealt with by the usual DNSBL, SURBLs
> and spamassassin (with SPF and DKIM checking encompassed). Ive never
> had to use/block these
Correction: Sorry I was wrong. Or accountant uses ".accountants" (I
just checked).
When I first read the list of TLDs being blocked by default my first
thought was "Yeah, quite right too". Ive never like the idea of these
new TLD's when they were introduced and think they would only ever
On Sat, Jul 9, 2016, at 07:52 AM, Groach wrote:
> Our accountants are actually using '.account' TLD and they are a very
> reputable business. A surprise when they changed to it, maybe, but change to
> it they did.
My stats provide all the 'evidence' I need. So far, it seems I'm not
Our accountants are actually using '.account' TLD and they are a very reputable
business. A surprise when they changed to it, maybe, but change to it they did.
On 9 July 2016 16:32:51 CEST, jaso...@mail-central.com wrote:
>
>
>On Sat, Jul 9, 2016, at 07:14 AM, Chip M. wrote:
>> Thanks for all
On Sat, Jul 9, 2016, at 07:14 AM, Chip M. wrote:
> Thanks for all the lists and references, everyone! :)
Fwiw, atm I block all of the following TLDs
accountant, accountants, adult, aero, agency, apartments, app, asia,
associates, audio, baby, bargains, bid, bike, bingo, blog,
Thanks for all the lists and references, everyone! :)
+1 on block-by-default combined with "skips" for the VERY rare
exceptions.
I'm scoring (poison pill level), not gateway blocking (more about
that in a later post).
*** New Snow TLD sighting:
Since June 30, the TLD ".stream" has been
This is what I block:
(bid|book|click|club|cricket|date|democrat|directory|download|faith|help|link|ninja|party|press|pro|racing|reviews?|rocks|science|site|social|space|top|uno|webcam|website|work|win|xyz)
I will add some from what you have posting, thanks.
Sergio
On Wed, Apr 27, 2016 at 5:39
On Apr 27, 2016, at 2:06 PM, Olivier Coutu wrote:
> I have affected a hefty penalty in SA to any mail that comes from one of
> these TLDs:
>
> (party|science|click|link|faith|racing|win|zip|review|country|kim|cricket|work|gq|date|lol|top|download|space|site|online)
o
8306 win
6463 trade
6153 click
4855 ninja
3087 review
2517 club
1566 pw
From: Reindl Harald <h.rei...@thelounge.net>
Sent: Tuesday, April 26, 2016 2:55:46 AM
To: users@spamassassin.apache.org
Subject: Re: Anyone else just bl
ald <h.rei...@thelounge.net>
Sent: Tuesday, April 26, 2016 2:55:46 AM
To: users@spamassassin.apache.org
Subject: Re: Anyone else just blocking the ".top" TLD?
Am 26.04.2016 um 11:23 schrieb Heinrich Boeder:
> Hi,
>
>> On Apr 21, 2016, at 3:43 PM, Vincent Fox <vb..
Am 26.04.2016 um 11:23 schrieb Heinrich Boeder:
Hi,
On Apr 21, 2016, at 3:43 PM, Vincent Fox wrote:
Recently seeing increase in spam from these gTLD:
pro
bid
trade
I didn´t see any spam from .pro, .bid or .trade gTLDs either. I was just
wondering if it doesn´t make
Hi,
On Apr 21, 2016, at 3:43 PM, Vincent Fox wrote:
Recently seeing increase in spam from these gTLD:
pro
bid
trade
I didn´t see any spam from .pro, .bid or .trade gTLDs either. I was just
wondering if it doesn´t make more sense to just give those domains a
higher
On Apr 21, 2016, at 3:43 PM, Vincent Fox wrote:
> Recently seeing increase in spam from these gTLD:
>
> pro
> bid
> trade
I haven’t seen .pro myself, and all the .trade and .bid attempts have hit zen
and been rejected in post screen before the DATA connection is even
Resurrecting thread
Recently seeing increase in spam from these gTLD:
pro
bid
trade
I'm adding them to my reject list, do with this information what you will.
-hth
On 03/28/2016 05:23 AM, Reindl Harald wrote:
>
>
> Am 28.03.2016 um 05:24 schrieb Bill Cole:
>> On 27 Mar 2016, at 21:58, Thomas Cameron wrote:
>>
>>> Has anyone actually gotten a single legit message from that domain?
>>
>> IMHO we're close to the point where it will make sense to make email
>>
On 28 Mar 2016, at 15:06, Vincent Fox wrote:
> Whoops, list truncated. Continuing
>
> From:work REJECT
> From:cricketREJECT
> From:xn--plai REJECT
> From:review REJECT
> From:countryREJECT
> From:kimREJECT
> From:scienceREJECT
> From:party REJECT
>
On 03/28/2016 12:35 PM, Reindl Harald wrote:
nothing easier than that with postfix, just start with.
I wish my EDU was cool with Postfix or Exim.
However our routing pool is Sendmail, and the PHB here are
determined to "upgrade" to Proofpoint which is Sendmail based.
On Mon, 28 Mar 2016, Vincent Fox wrote:
On 03/27/2016 06:58 PM, Thomas Cameron wrote:
Has anyone actually gotten a single legit message from that domain?
Never. WTF was ICANN thinking?
I occasionally go through the lists of abused gTLD here:
http://www.surbl.org/tld/
Thanks for that
Am 28.03.2016 um 21:02 schrieb Vincent Fox:
On 03/27/2016 06:58 PM, Thomas Cameron wrote:
Has anyone actually gotten a single legit message from that domain?
Never. WTF was ICANN thinking?
I occasionally go through the lists of abused gTLD here:
http://www.surbl.org/tld/
It certainly
On 3/28/2016 3:02 PM, Vincent Fox wrote:
From:whoswho REJECT
This is the one that really annoys me. KAM.cf has a 5.0-scored rule
named exactly that, and there's an entire Wikipedia article on the
subject! https://en.wikipedia.org/wiki/Who's_Who_scam. It really makes
ICANN look like they do no
Whoops, list truncated. Continuing
From:work REJECT
From:cricketREJECT
From:xn--plai REJECT
From:review REJECT
From:countryREJECT
From:kimREJECT
From:scienceREJECT
From:party REJECT
From:gq REJECT
From:topREJECT
From:unoREJECT
On 03/27/2016 06:58 PM, Thomas Cameron wrote:
Has anyone actually gotten a single legit message from that domain?
Never. WTF was ICANN thinking?
I occasionally go through the lists of abused gTLD here:
http://www.surbl.org/tld/
It certainly saves a lot of hygiene processing time to just
Am 28.03.2016 um 05:24 schrieb Bill Cole:
On 27 Mar 2016, at 21:58, Thomas Cameron wrote:
Has anyone actually gotten a single legit message from that domain?
IMHO we're close to the point where it will make sense to make email
default-deny and to build standard protocols for senders to be
On 27 Mar 2016, at 21:58, Thomas Cameron wrote:
Has anyone actually gotten a single legit message from that domain?
No system I work with ever has. On most of those systems mail from a
*@*.top envelope sender would need to look quite hammy in other ways to
be accepted.
Contrary to the
Am 28.03.2016 um 03:58 schrieb Thomas Cameron:
Has anyone actually gotten a single legit message from that domain?
no
blocked on MTA level for envelope as well as helo filters
signature.asc
Description: OpenPGP digital signature
47 matches
Mail list logo