On Tue, 20 Oct 2015, Rob McEwen wrote:
On 10/20/2015 12:13 PM, sha...@shanew.net wrote:
Unlike Larry (and others) I DO want to block the vast majority of the
new tlds, because we see nothing but spam from them (and my users tend
toward the more false-positives than false-negatives side of the
spectrum). Rather than maintain a list of all the problematic tlds,
I'd rather have a blanket block rule with the ability whitelist the
handful that might be legit.
Be careful about doing this for the long term. I think that spammer exploit
new TLDs because they know that many anti-spam systems don't account for them
correctly at first. (and/or maybe they are cheaper at first?). But in the
longer term (years down the road).. they tend to move on to other ones, while
the legit TLDs slowly increase. So this strategy can backfire in the long
term. (but, of course, MMV... and some smaller hosters don't have to be as
concerned about a few extra FPs)
I totally agree. In fact, I assume anything I'm doing right now to
successfully block spam could change tomorrow, much less months or
years from now. For now, though, I'm seeing almost no legitimate
traffic from most of the new ones (I'm thinking of the longer ones
especially; .work, .ninja, .site, .science, etc.).
I already have rules that score for these tlds in received or envelope
from, but I'm getting tired of making the regular expression longer
and longer (in two different places), and I know there's a smarter
way. Whether I'm smart enough to implement that smarter way is
another matter entirely.
Is there an existing (relatively simple) plugin that behaves similarly
that I could crib from?
--
Public key #7BBC68D9 at | Shane Williams
http://pgp.mit.edu/ | System Admin - UT CompSci
=----------------------------------+-------------------------------
All syllogisms contain three lines | sha...@shanew.net
Therefore this is not a syllogism | www.ischool.utexas.edu/~shanew
