I and probably a lot of people here, block that domain and a bunch
others, even before they reach spamassassin
"Why Phishers Love New TLDs Like .shop, .top and .xyz"
https://krebsonsecurity.com/2024/12/why-phishers-love-new-tlds-like-shop-top-and-xyz/
"Spammers and scammers gravitate toward domains in the new gTLDs because
these registrars tend to offer cheap or free registration with little to
no account or identity verification requirements."
On 6/20/2025 3:40 AM, Benoît Panizzon wrote:
Is there a way to match the sending IP rdns name?
Received: from future.roommagic.shop (future.roommagic.shop [37.59.92.8]
Port:45265)
like match /\.shop$/ of the rdns name?
