I block a lot of these pieces of shit domains, including .cam: deny message = 5.7.1 Banned TLD in MAIL FROM sender_domains = ^(?i).*\\.(accountant|accountants|asia|auto|berlin|bid|buzz|camera|car|cam|cars|casa|christmas|click|club|college|computer|country|cricket|date|design|download|exposed|email|fail| faith|fit|fun|gdn|global|guru|help|host|jetzt|kim|icu|life|live|link|loan|london|media|men|mom|news|ninja|online|party|photography|pro|protection|pub|racing|realtor|reise|ren|rent|rest|review|rocks|science|security| shop|site|solutions|space|storage|store|stream|study|surf|tech|technology|theatre|today|top|trade|university|uno|us|viajes|vip|vividal|wang|webcam|website|win|work|works|world|xin|xyz|zip|xn--.*)\$
And also in acl_data: deny message = 5.7.1 Banned TLD in MIME From condition = ${if match {$h_from:}{^(?i).*\\.(accountant|accountants|asia|auto|berlin|bid|buzz|camera|car|cam|casa|cars|christmas|click|club|college|computer|country|cricket|date|design|download|exposed|email|fail |faith|fit|fun|gdn|global|guru|help|host|jetzt|kim|icu|life|live|link|loan|london|media|men|mom|news|ninja|online|party|photography|pro|protection|pub|racing|realtor|reise|ren|rent|rest|review|rocks|science|security |shop|site|solutions|space|storage|store|stream|study|surf|tech|technology|theatre|today|top|trade|university|uno|us|viajes|vip|vividal|wang|webcam|website|win|work|works|world|xin|xyz|zip|xn--.*)>\$}{yes}{no}} There you have 2 nice blocklists to use in EXIM. -----Ursprungligt meddelande----- Från: Anne Mitchell via mailop <mailop@mailop.org> Skickat: den 27 maj 2022 20:03 Till: Hans-Martin Mosner via mailop <mailop@mailop.org> Ämne: [mailop] Any reason to NOT block the entire .cam domain? We've started getting a fair amount of spam from .cam domains; in fact they all look the same, using the same HTML template with the same body format, but from different .cam domain for different 'businesses', so I suspect that one operation is selling "email marketing" packages to clients and setting it up for them, especially as they all are sending through their own domains, and, let's face it, these sorts of spammers usually don't know how to set up their own MX, etc.. rather than spamming through Google or Outlook. They are all coming from: 77.73.131.0/24 185.221.66.0/24 they share: mnt-routes: ashitt mnt-domains: ashitt mnt-by: ashitt A few sample domains are: stretchch.cam inogenosx.cam securetho.cam livingcois.cam I have a body of about 20 now (I'm sure I deleted many more) that are all clearly set up by the same entity, for/from different "businesses" using their own domains, so it's clearly a spam factory (they are almost certainly including a mailing list with the setup). Full samples available upon request. Anyways, can anyone think of a single reason to *not* block all of .cam? Or, hey, to not get these IPs listed? ;-) P.S. Aaah, a TLD that can be, in quick-glance, mistaken for .com; good thinking! Anne -- Anne P. Mitchell, Attorney at Law CEO ISIPP SuretyMail Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law) Author: The Email Deliverability Handbook Board of Directors, Denver Internet Exchange Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School Prof. Emeritus, Lincoln Law School Chair Emeritus, Asilomar Microcomputer Workshop Counsel Emeritus: Mail Abuse Prevention System (MAPS) (now the anti-spam arm of TrendMicro) _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop