Well... I guess that depends on what your definition of legitimate is I suppose... in my case (for our corporate emails) that would not be considered legit. Cool interface, but no mater what I typed on the keyboard it displayed its own search text, and the results were bogus. so.......
I just ran a search on .xyz domain hits on our SMTP gateway... we are still getting A LOT of hits from that TLD that are NOT legit (at least for us). Here is just a small sample (from 343) barrage from one domain: Oct 16 05:59:01 smtp sendmail[3427]: u9GCwuvm003427: from=<s...@leaders2016.xyz<mailto:s...@leaders2016.xyz>>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[69.94.151.224] Oct 16 06:48:27 smtp sendmail[4645]: u9GDmM58004645: from=<t...@leaders2016.xyz>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[69.94.151.221] Oct 16 07:41:45 smtp sendmail[5928]: u9GEfeS1005928: from=<j...@leaders2016.xyz>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[69.94.151.224] Oct 16 07:55:43 smtp sendmail[6252]: u9GEtcLs006252: from=<b...@leaders2016.xyz>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[69.94.151.221] Oct 16 08:16:41 smtp sendmail[6790]: u9GFGaQV006790: from=<t...@leaders2016.xyz>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[69.94.151.222] Oct 16 08:17:14 smtp sendmail[6800]: u9GFH9A4006800: from=<t...@leaders2016.xyz>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[69.94.151.223] Oct 16 08:18:49 smtp sendmail[6845]: u9GFIi1e006845: from=<b...@leaders2016.xyz>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[69.94.151.224] Oct 16 08:25:34 smtp sendmail[6994]: u9GFPTuC006994: from=<j...@leaders2016.xyz>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[69.94.151.224] Oct 16 08:29:48 smtp sendmail[7071]: u9GFThJX007071: from=<b...@leaders2016.xyz>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[69.94.151.223] Oct 16 08:41:11 smtp sendmail[7329]: u9GFf6ak007329: from=<b...@leaders2016.xyz>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[69.94.151.223] Oct 16 09:16:40 smtp sendmail[8149]: u9GGGZcd008149: from=<s...@leaders2016.xyz>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[69.94.151.221] Oct 16 09:17:48 smtp sendmail[8176]: u9GGHhUc008176: from=<t...@leaders2016.xyz>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[69.94.151.223] Oct 16 09:25:40 smtp sendmail[8337]: u9GGPZ9C008337: from=<b...@leaders2016.xyz>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[69.94.151.222] Oct 16 09:49:42 smtp sendmail[8896]: u9GGnbrQ008896: from=<j...@leaders2016.xyz>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[69.94.151.222] Oct 16 09:51:51 smtp sendmail[8948]: u9GGpjow008948: from=<b...@leaders2016.xyz>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[69.94.151.220] Oct 16 10:29:23 smtp sendmail[9864]: u9GHTIZ3009864: from=<b...@leaders2016.xyz>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[69.94.151.220] Oct 16 10:33:19 smtp sendmail[9961]: u9GHXEJj009961: from=<s...@leaders2016.xyz>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[69.94.151.224] Oct 16 10:57:42 smtp sendmail[10483]: u9GHvbIp010483: from=<j...@leaders2016.xyz>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[69.94.151.223] Oct 16 10:58:14 smtp sendmail[10494]: u9GHw9Ca010494: from=<j...@leaders2016.xyz>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[69.94.151.223] Oct 16 11:02:22 smtp sendmail[10614]: u9GI2HoX010614: from=<t...@leaders2016.xyz>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[69.94.151.224] Oct 16 11:12:39 smtp sendmail[10860]: u9GICYxE010860: from=<t...@leaders2016.xyz>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[69.94.151.220] Oct 16 11:28:57 smtp sendmail[11234]: u9GISq19011234: from=<t...@leaders2016.xyz>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[69.94.151.223] Oct 16 11:42:11 smtp sendmail[11526]: u9GIg6f3011526: from=<b...@leaders2016.xyz>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[69.94.151.223] Oct 16 11:48:17 smtp sendmail[11688]: u9GImCd0011688: from=<t...@leaders2016.xyz>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[69.94.151.222] Oct 16 11:51:27 smtp sendmail[11781]: u9GIpMUC011781: from=<t...@leaders2016.xyz>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[69.94.151.221] Oct 16 11:58:30 smtp sendmail[11929]: u9GIwPkv011929: from=<j...@leaders2016.xyz>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[69.94.151.224] Oct 16 12:00:22 smtp sendmail[11969]: u9GJ0HO8011969: from=<b...@leaders2016.xyz>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[69.94.151.221] Oct 16 13:51:22 smtp sendmail[14469]: u9GKpGUY014469: from=<t...@leaders2016.xyz>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[69.94.151.220] Oct 16 14:40:48 smtp sendmail[15615]: u9GLehHT015615: from=<j...@leaders2016.xyz>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[69.94.151.222] The IP range belongs to: Lanset America Corporation (LANA) which is a second rate email marketing corp. I would suggest, if the need is there to open up individual domains, not the entire TLD, unless you are certainly your other counter measures will be sufficient in catching spam. On Nov 3, 2016, at 9:40 AM, Vincent Fox <vb...@ucdavis.edu<mailto:vb...@ucdavis.edu>> wrote: Indeed, that is what is happening. I have had requests for overrides. I hate maintaining overrides if I no longer need to even list the domain. See driver.xyz for example which is legit. This is an interesting statistics page I had not seen before: https://ntldstats.com/fraud [https://ntldstats.com/img/meta/fraud.jpg]<https://ntldstats.com/fraud> Statistic of suspicious/fraudulent Domains in new gTLDs ...<https://ntldstats.com/fraud> ntldstats.com<http://ntldstats.com/> Suspicious Domains in new gTLDs namespace ... TLDs with suspicious Domains: 209 (17.59%) Per that, TOP accounts for 64% of the problem. SCIENCE is next at a mere 8%. While XYZ comes in at #15 on the SURBL abused domains list at present in raw numbers, as a percentage of it's email volume it seems it's abuse is quite low. ________________________________ From: Shawn Bakhtiar <shashan...@hotmail.com<mailto:shashan...@hotmail.com>> Sent: Thursday, November 3, 2016 9:33:59 AM To: users@spamassassin.apache.org<mailto:users@spamassassin.apache.org> Subject: Re: Anyone else just blocking the ".top" TLD? Unless you have customers/employees/vendors complaining that they are not receiving legitimate email from that TLD.... why would you un block it?? On Nov 3, 2016, at 9:27 AM, Vincent Fox <vb...@ucdavis.edu<mailto:vb...@ucdavis.edu>> wrote: Resurrecting thread.... TOP remains at the err... top of abuse heap. XYZ insights anyone? They have been on my reject list for a long time, but claim to be cleaning it up. Thinking to drop my shields on this one. https://gen.xyz/blog/antiabuse ..... My current total-block list: From:link REJECT From:website REJECT From:berlin REJECT From:club REJECT From:email REJECT From:csr24.email OK From:guru REJECT From:wang REJECT From:xyz REJECT From:driver.xyz ACCEPT From:photography REJECT From:rocks REJECT From:click REJECT From:xn--czrs0t REJECT From:xn--hxt814e REJECT From:xn--flw351e REJECT From:xn--qcka1pmc REJECT From:xn--45q11c REJECT From:xn--vermgensberatung-pwb REJECT From:xn--vermgensberater-ctb REJECT From:xn--p1acf REJECT From:xn--vhquv REJECT From:xn--xhq521b REJECT From:xn--1qqw23a REJECT From:xn--kput3i REJECT From:xn--4gbrim REJECT From:xn--czr694b REJECT From:xn--80adxhks REJECT From:xn--ses554g REJECT From:xn--czru2d REJECT From:xn--rhqv96g REJECT From:xn--nqv7f REJECT From:xn--i1b6b1a6a2e REJECT From:xn--nqv7fs00ema REJECT From:xn--c1avg REJECT From:xn--d1acj3b REJECT From:xn--mgbab2bd REJECT From:xn--6frz82g REJECT From:xn--io0a7i REJECT From:xn--55qx5d REJECT From:xn--fiq64b REJECT From:xn--3bst00m REJECT From:xn--6qq986b3xl REJECT From:xn--fiq228c5hs REJECT From:xn--3ds443g REJECT From:xn--55qw42g REJECT From:xn--zfr164b REJECT From:xn--q9jyb4c REJECT From:xn--ngbc5azd REJECT From:xn--80asehdb REJECT From:xn--80aswg REJECT From:xn--unup4y REJECT From:ninja REJECT From:gripe REJECT From:loans REJECT From:luxury REJECT From:market REJECT From:marketing REJECT From:pink REJECT From:whoswho REJECT From:work REJECT From:cricket REJECT From:xn--plai REJECT From:review REJECT From:country REJECT From:kim REJECT From:science REJECT From:party REJECT From:gq REJECT From:top REJECT From:uno REJECT From:win REJECT From:download REJECT From:tk REJECT From:pw REJECT From:international REJECT From:slice.international OK From:date REJECT From:gdn REJECT From:pro REJECT From:mm.law.pro OK From:npocpa.pro OK From:bid REJECT From:trade REJECT From:press REJECT From:faith REJECT From:racing REJECT From:stream REJECT From:diet REJECT From:tokyo REJECT From:accountant REJECT From:webcam REJECT From:help REJECT From:space REJECT From:men REJECT