Re: Anyone else just blocking the ".top" TLD?

Just spotted my first snow with the TLD ".jetzt". It's selling for $1.88 at NameCheap so should become widespread. On Sat, 05 Nov 2016, at 11:54, @lbutlr (kreme.com) wrote: >We get some (very little) real mail from info, biz, and name domains. >All the other new domains are on a "prove you're not

Re: Anyone else just blocking the ".top" TLD?

On 05 Nov 2016, at 11:54, @lbutlr wrote: > > tad’s will be quite efferent tld’s will be quite different dunno what happened there.

Re: Anyone else just blocking the ".top" TLD?

On 03 Nov 2016, at 10:27, Vincent Fox wrote: > XYZ insights anyone? They have been on my reject list > for a long time, but claim to be cleaning it up. Thinking to > drop my shields on this one. I am still blocking most any TLDs via postfix:

Re: Anyone else just blocking the ".top" TLD?

7.59%) Per that, TOP accounts for 64% of the problem. SCIENCE is next at a mere 8%. While XYZ comes in at #15 on the SURBL abused domains list at present in raw numbers, as a percentage of it's email volume it seems it's abuse is quite low. ________ From: Shawn Bakhtiar

Re: Anyone else just blocking the ".top" TLD?

On Thu, 3 Nov 2016, Vincent Fox wrote: TOP remains at the err... top of abuse heap. XYZ insights anyone? They have been on my reject list for a long time This is an interesting statistics page I had not seen before: https://ntldstats.com/fraud Hmm. Autoforward them all to the ICANN board

Re: Anyone else just blocking the ".top" TLD?

gt; Sent: Thursday, November 3, 2016 9:33:59 AM To: users@spamassassin.apache.org Subject: Re: Anyone else just blocking the ".top" TLD? Unless you have customers/employees/vendors complaining that they are not receiving legitimate email from that TLD why would you un block it?? On Nov

Re: Anyone else just blocking the ".top" TLD?

Resurrecting thread TOP remains at the err... top of abuse heap. XYZ insights anyone? They have been on my reject list for a long time, but claim to be cleaning it up. Thinking to drop my shields on this one. https://gen.xyz/blog/antiabuse

Re: Anyone else just blocking the ".top" TLD?

Unless you have customers/employees/vendors complaining that they are not receiving legitimate email from that TLD why would you un block it?? On Nov 3, 2016, at 9:27 AM, Vincent Fox > wrote: Resurrecting thread TOP remains at the err...

RE: Anyone else just blocking the ".top" TLD?

Getting tons of this: top.professional.wo...@ub6eual.cpatter.top I am Just blocking "*.top" From: Vincent Fox [mailto:vb...@ucdavis.edu] Sent: Thursday, November 03, 2016 9:27 AM To: users@spamassassin.apache.org Subject: Re: Anyone else just blocking the

Re: Anyone else just blocking the ".top" TLD?

On Thu, 2016-09-08 at 13:44 +, Chip M. wrote: > On Thu, 8 Sep 2016, "lists [at] rhsoft.net" wrote: > > > > i get a diff-output per mail each time the mailserver configs > > are changing > That's a completely valid approach, and I am a big fan of > pre-emptive first strike (only as applied to

Re: Anyone else just blocking the ".top" TLD?

On 09 Jul 2016, at 08:32, jaso...@mail-central.com wrote: > > Fwiw, atm I block all of the following TLDs > [big list] > That list is auto-generated. Any & all TLDs that have sent > 100 messages > within the last year *AND* have a spam/reject rate >= 99% get blocked by TLD, > never get past

Re: Anyone else just blocking the ".top" TLD?

Am 08.09.2016 um 15:44 schrieb Chip M.: On Thu, 8 Sep 2016, "lists [at] rhsoft.net" wrote: i get a diff-output per mail each time the mailserver configs are changing That's a completely valid approach, and I am a big fan of pre-emptive first strike (only as applied to potentially evil

Re: Anyone else just blocking the ".top" TLD?

On Thu, 8 Sep 2016, "lists [at] rhsoft.net" wrote: >i get a diff-output per mail each time the mailserver configs >are changing That's a completely valid approach, and I am a big fan of pre-emptive first strike (only as applied to potentially evil email). However, the vast majority of those TLDs

Re: Anyone else just blocking the ".top" TLD?

Am 08.09.2016 um 10:33 schrieb Chip M.: On Sat, 09 Jul 2016, jasonsu wrote: Fwiw, atm I block all of the following TLDs ... men, .. That list is auto-generated. Any & all TLDs that have sent > 100 messages within the last year *AND* have a Great approach Jason! :) ".men" just recently

Re: Anyone else just blocking the ".top" TLD?

On Sat, 09 Jul 2016, jasonsu wrote: >Fwiw, atm I block all of the following TLDs ... >men, .. >That list is auto-generated. Any & all TLDs that have >sent > 100 messages within the last year *AND* have a Great approach Jason! :) ".men" just recently appeared in my data, and is not showing up

Re: Anyone else just blocking the ".top" TLD?

Am 16.07.2016 um 21:48 schrieb Jonathan Nichols: I’m just blocking them. .top has been nothing but spam. Looking at my logs, .top accounts for over 90% of the rejected email nowadays. But I’m just doing it in Postfix and this has been working fine. Any ones that I need to whitelist, I just

Re: Anyone else just blocking the ".top" TLD?

On Sat, Jul 16, 2016, at 12:48 PM, Jonathan Nichols wrote: > I’m just blocking them. .top has been nothing but spam. Looking at my logs, > .top accounts for over 90% of the rejected email nowadays. you can of course do what you want, but IMO it bears mention for others' awareness that #

Re: Anyone else just blocking the ".top" TLD?

>> >> On Wed, Apr 27, 2016 at 5:39 PM, @lbutlr wrote: >> On Apr 27, 2016, at 2:06 PM, Olivier Coutu wrote: >> > I have affected a hefty penalty in SA to any mail that comes from one of >> > these TLDs: >> > >> >

Re: Anyone else just blocking the ".top" TLD?

Am 16.07.2016 um 16:43 schrieb Max Watkins aka Maciej Hryckiewicz: What will be best approach to block it in EXIM ? Ack rule with lookup in text file ? How would you prevent legit domain from being blocked for example block .book but not book.com?

Re: Anyone else just blocking the ".top" TLD?

On Saturday 16 July 2016 at 16:43:00, Max Watkins aka Maciej Hryckiewicz wrote: > What will be best approach to block it in EXIM ? > Ack rule with lookup in text file ? Good plan. Here's what I found from a Google search for "exim block domain":

Re: Anyone else just blocking the ".top" TLD?

What will be best approach to block it in EXIM ? Ack rule with lookup in text file ? How would you prevent legit domain from being blocked for example block .book but not book.com? Thanks, Max > On Apr 28, 2016, at 12:40 AM, Sergio wrote: > > This is what I block: >

Re: Anyone else just blocking the ".top" TLD?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 jaso...@mail-central.com kirjoitti 9.7.2016 18:41: > With what's left, I'm "99% sure(tm)" I could probably run my server on > an RPi ;-) > > Bottom line is, it costs me less time, resource & effort, and my users > are happy. Which makes me happy.

Re: Anyone else just blocking the ".top" TLD?

On Sat, Jul 9, 2016, at 08:28 AM, Groach wrote: > But that said, in fairness, of all the spam we do receive, from what I > can tell, is already handled and dealt with by the usual DNSBL, SURBLs > and spamassassin (with SPF and DKIM checking encompassed). Ive never > had to use/block these

Re: Anyone else just blocking the ".top" TLD?

Correction: Sorry I was wrong. Or accountant uses ".accountants" (I just checked). When I first read the list of TLDs being blocked by default my first thought was "Yeah, quite right too". Ive never like the idea of these new TLD's when they were introduced and think they would only ever

Re: Anyone else just blocking the ".top" TLD?

On Sat, Jul 9, 2016, at 07:52 AM, Groach wrote: > Our accountants are actually using '.account' TLD and they are a very > reputable business. A surprise when they changed to it, maybe, but change to > it they did. My stats provide all the 'evidence' I need. So far, it seems I'm not

Re: Anyone else just blocking the ".top" TLD?

Our accountants are actually using '.account' TLD and they are a very reputable business. A surprise when they changed to it, maybe, but change to it they did. On 9 July 2016 16:32:51 CEST, jaso...@mail-central.com wrote: > > >On Sat, Jul 9, 2016, at 07:14 AM, Chip M. wrote: >> Thanks for all

Re: Anyone else just blocking the ".top" TLD?

On Sat, Jul 9, 2016, at 07:14 AM, Chip M. wrote: > Thanks for all the lists and references, everyone! :) Fwiw, atm I block all of the following TLDs accountant, accountants, adult, aero, agency, apartments, app, asia, associates, audio, baby, bargains, bid, bike, bingo, blog,

Re: Anyone else just blocking the ".top" TLD?

Thanks for all the lists and references, everyone! :) +1 on block-by-default combined with "skips" for the VERY rare exceptions. I'm scoring (poison pill level), not gateway blocking (more about that in a later post). *** New Snow TLD sighting: Since June 30, the TLD ".stream" has been

Re: Anyone else just blocking the ".top" TLD?

This is what I block: (bid|book|click|club|cricket|date|democrat|directory|download|faith|help|link|ninja|party|press|pro|racing|reviews?|rocks|science|site|social|space|top|uno|webcam|website|work|win|xyz) I will add some from what you have posting, thanks. Sergio On Wed, Apr 27, 2016 at 5:39

Re: Anyone else just blocking the ".top" TLD?

On Apr 27, 2016, at 2:06 PM, Olivier Coutu wrote: > I have affected a hefty penalty in SA to any mail that comes from one of > these TLDs: > > (party|science|click|link|faith|racing|win|zip|review|country|kim|cricket|work|gq|date|lol|top|download|space|site|online)

Re: Anyone else just blocking the ".top" TLD?

o 8306 win 6463 trade 6153 click 4855 ninja 3087 review 2517 club 1566 pw From: Reindl Harald <h.rei...@thelounge.net> Sent: Tuesday, April 26, 2016 2:55:46 AM To: users@spamassassin.apache.org Subject: Re: Anyone else just bl

Re: Anyone else just blocking the ".top" TLD?

ald <h.rei...@thelounge.net> Sent: Tuesday, April 26, 2016 2:55:46 AM To: users@spamassassin.apache.org Subject: Re: Anyone else just blocking the ".top" TLD? Am 26.04.2016 um 11:23 schrieb Heinrich Boeder: > Hi, > >> On Apr 21, 2016, at 3:43 PM, Vincent Fox <vb..

Re: Anyone else just blocking the ".top" TLD?

Am 26.04.2016 um 11:23 schrieb Heinrich Boeder: Hi, On Apr 21, 2016, at 3:43 PM, Vincent Fox wrote: Recently seeing increase in spam from these gTLD: pro bid trade I didn´t see any spam from .pro, .bid or .trade gTLDs either. I was just wondering if it doesn´t make

Re: Anyone else just blocking the ".top" TLD?

Hi, On Apr 21, 2016, at 3:43 PM, Vincent Fox wrote: Recently seeing increase in spam from these gTLD: pro bid trade I didn´t see any spam from .pro, .bid or .trade gTLDs either. I was just wondering if it doesn´t make more sense to just give those domains a higher

Re: Anyone else just blocking the ".top" TLD?

On Apr 21, 2016, at 3:43 PM, Vincent Fox wrote: > Recently seeing increase in spam from these gTLD: > > pro > bid > trade I haven’t seen .pro myself, and all the .trade and .bid attempts have hit zen and been rejected in post screen before the DATA connection is even

Re: Anyone else just blocking the ".top" TLD?

Resurrecting thread Recently seeing increase in spam from these gTLD: pro bid trade I'm adding them to my reject list, do with this information what you will. -hth

Re: Anyone else just blocking the ".top" TLD?

On 03/28/2016 05:23 AM, Reindl Harald wrote: > > > Am 28.03.2016 um 05:24 schrieb Bill Cole: >> On 27 Mar 2016, at 21:58, Thomas Cameron wrote: >> >>> Has anyone actually gotten a single legit message from that domain? >> >> IMHO we're close to the point where it will make sense to make email >>

Re: Anyone else just blocking the ".top" TLD?

On 28 Mar 2016, at 15:06, Vincent Fox wrote: > Whoops, list truncated. Continuing > > From:work REJECT > From:cricketREJECT > From:xn--plai REJECT > From:review REJECT > From:countryREJECT > From:kimREJECT > From:scienceREJECT > From:party REJECT >

Re: Anyone else just blocking the ".top" TLD?

On 03/28/2016 12:35 PM, Reindl Harald wrote: nothing easier than that with postfix, just start with. I wish my EDU was cool with Postfix or Exim. However our routing pool is Sendmail, and the PHB here are determined to "upgrade" to Proofpoint which is Sendmail based.

Re: Anyone else just blocking the ".top" TLD?

On Mon, 28 Mar 2016, Vincent Fox wrote: On 03/27/2016 06:58 PM, Thomas Cameron wrote: Has anyone actually gotten a single legit message from that domain? Never. WTF was ICANN thinking? I occasionally go through the lists of abused gTLD here: http://www.surbl.org/tld/ Thanks for that

Re: Anyone else just blocking the ".top" TLD?

Am 28.03.2016 um 21:02 schrieb Vincent Fox: On 03/27/2016 06:58 PM, Thomas Cameron wrote: Has anyone actually gotten a single legit message from that domain? Never. WTF was ICANN thinking? I occasionally go through the lists of abused gTLD here: http://www.surbl.org/tld/ It certainly

Re: Anyone else just blocking the ".top" TLD?

On 3/28/2016 3:02 PM, Vincent Fox wrote: From:whoswho REJECT This is the one that really annoys me. KAM.cf has a 5.0-scored rule named exactly that, and there's an entire Wikipedia article on the subject! https://en.wikipedia.org/wiki/Who's_Who_scam. It really makes ICANN look like they do no

Re: Anyone else just blocking the ".top" TLD?

Whoops, list truncated. Continuing From:work REJECT From:cricketREJECT From:xn--plai REJECT From:review REJECT From:countryREJECT From:kimREJECT From:scienceREJECT From:party REJECT From:gq REJECT From:topREJECT From:unoREJECT

Re: Anyone else just blocking the ".top" TLD?

On 03/27/2016 06:58 PM, Thomas Cameron wrote: Has anyone actually gotten a single legit message from that domain? Never. WTF was ICANN thinking? I occasionally go through the lists of abused gTLD here: http://www.surbl.org/tld/ It certainly saves a lot of hygiene processing time to just

Re: Anyone else just blocking the ".top" TLD?

Am 28.03.2016 um 05:24 schrieb Bill Cole: On 27 Mar 2016, at 21:58, Thomas Cameron wrote: Has anyone actually gotten a single legit message from that domain? IMHO we're close to the point where it will make sense to make email default-deny and to build standard protocols for senders to be

Re: Anyone else just blocking the ".top" TLD?

On 27 Mar 2016, at 21:58, Thomas Cameron wrote: Has anyone actually gotten a single legit message from that domain? No system I work with ever has. On most of those systems mail from a *@*.top envelope sender would need to look quite hammy in other ways to be accepted. Contrary to the

Re: Anyone else just blocking the ".top" TLD?

Am 28.03.2016 um 03:58 schrieb Thomas Cameron: Has anyone actually gotten a single legit message from that domain? no blocked on MTA level for envelope as well as helo filters signature.asc Description: OpenPGP digital signature