Sorry, but this strategy looks more like some hobbyist hosting the server for himself and his friends.

Some of the TLDs you simply block are used by people I know for legitimate purposes, let alone by all the people I don't know.

Scoring messages by the TLD, OK, I do that, too - but an immediate block is really crazy for most of them.

Andreas


Sebastian Nielsen via mailop wrote on 27.05.22 20:06:
I block a lot of these pieces of shit domains, including .cam:

   deny
     message = 5.7.1 Banned TLD in MAIL FROM
     sender_domains = ^(?i).*\\.(accountant|accountants|asia|auto|berlin|bid|buzz|camera|car|cam|cars|casa|christmas|click|club|college|computer|country|cricket|date|design|download|exposed|email|fail|faith|fit|fun|gdn|global|guru|help|host|jetzt|kim|icu|life|live|link|loan|london|media|men|mom|news|ninja|online|party|photography|pro|protection|pub|racing|realtor|reise|ren|rent|rest|review|rocks|science|security|shop|site|solutions|space|storage|store|stream|study|surf|tech|technology|theatre|today|top|trade|university|uno|us|viajes|vip|vividal|wang|webcam|website|win|work|works|world|xin|xyz|zip|xn--.*)\$

And also in acl_data:

   deny
     message = 5.7.1 Banned TLD in MIME From
     condition = ${if match {$h_from:}{^(?i).*\\.(accountant|accountants|asia|auto|berlin|bid|buzz|camera|car|cam|casa|cars|christmas|click|club|college|computer|country|cricket|date|design|download|exposed|email|fail|faith|fit|fun|gdn|global|guru|help|host|jetzt|kim|icu|life|live|link|loan|london|media|men|mom|news|ninja|online|party|photography|pro|protection|pub|racing|realtor|reise|ren|rent|rest|review|rocks|science|security|shop|site|solutions|space|storage|store|stream|study|surf|tech|technology|theatre|today|top|trade|university|uno|us|viajes|vip|vividal|wang|webcam|website|win|work|works|world|xin|xyz|zip|xn--.*)>\$}{yes}{no}}


There you have 2 nice blocklists to use in EXIM.

-----Original Message-----
From: Anne Mitchell via mailop <mailop@mailop.org>
Sent: 27 May 2022 20:03
To: Hans-Martin Mosner via mailop <mailop@mailop.org>
Subject: [mailop] Any reason to NOT block the entire .cam domain?

We've started getting a fair amount of spam from .cam domains; in fact they all look the 
same, using the same HTML template with the same body format, but from different .cam 
domains for different 'businesses', so I suspect that one operation is selling "email 
marketing" packages to clients and setting it up for them, especially as they all 
are sending through their own domains, and, let's face it, these sorts of spammers 
usually don't know how to set up their own MX, etc., rather than spamming through Google 
or Outlook.

They are all coming from:

77.73.131.0/24
185.221.66.0/24

they share:

mnt-routes:     ashitt
mnt-domains:    ashitt
mnt-by:         ashitt

A few sample domains are:

stretchch.cam
inogenosx.cam
securetho.cam
livingcois.cam

I have a body of about 20 now (I'm sure I deleted many more) that are all clearly set up 
by the same entity, for/from different "businesses" using their own domains, so 
it's clearly a spam factory (they are almost certainly including a mailing list with the 
setup). Full samples available upon request.

Anyways, can anyone think of a single reason to *not* block all of .cam?

Or, hey, to not get these IPs listed? ;-)

P.S.  Aaah, a TLD that can be, in quick-glance, mistaken for .com; good 
thinking!

Anne

--
Anne P. Mitchell, Attorney at Law
CEO ISIPP SuretyMail
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Author: The Email Deliverability Handbook
Board of Directors, Denver Internet Exchange
Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School
Prof. Emeritus, Lincoln Law School
Chair Emeritus, Asilomar Microcomputer Workshop
Counsel Emeritus: Mail Abuse Prevention System (MAPS) (now the anti-spam arm of TrendMicro)

_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
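
Added example, not part of the thread or of any poster's configuration: a Python dry run of the two deny rules quoted above next to a TLD-scoring alternative, run over constructed sample senders to show what each approach would do before anything is rejected. The shortened TLD list, the weights and the function names are assumptions made for illustration.

```python
import re
from email.utils import parseaddr

# Subset of the TLD alternation from the two ACLs; paste the full list to audit it.
TLDS = "berlin|cam|email|shop|us|xyz|xn--.*"

# Exim expands \\. to \. and \$ to $ before compiling. Python wants the
# inline (?i) flag at the very start, so it is passed as re.I instead.
MAIL_FROM_RE = re.compile(r"^.*\.(" + TLDS + r")$", re.I)
MIME_FROM_RE = re.compile(r"^.*\.(" + TLDS + r")>$", re.I)

# Hypothetical weights for the scoring alternative; the values are assumptions.
TLD_WEIGHTS = {"cam": 3.0, "xyz": 1.5, "berlin": 0.5, "us": 0.5}


def acl_rejects(sender_domain, from_header):
    """Return the name of the deny rule that would fire, or None."""
    if MAIL_FROM_RE.search(sender_domain):
        return "mail_from"
    # The MIME From rule anchors on a closing '>' at the end of the header.
    if MIME_FROM_RE.search(from_header.strip()):
        return "mime_from"
    return None


def tld_score(from_header):
    """Score by the actual TLD (last label) of the From address."""
    _, addr = parseaddr(from_header)
    tld = addr.rpartition(".")[2].lower()
    return TLD_WEIGHTS.get(tld, 0.0)


def audit(messages):
    """messages: iterable of (envelope sender domain, From header) pairs."""
    return [(dom, acl_rejects(dom, hdr), tld_score(hdr)) for dom, hdr in messages]


# Constructed sample traffic (reserved example names, not real log data).
SAMPLE = [
    ("bulk.example.cam", "Deals <promo@bulk.example.cam>"),
    ("example.com", "Rathaus <info@stadt.example.berlin>"),
    ("mail.xn--bcher-kva.example", "Buchladen <post@mail.xn--bcher-kva.example>"),
    ("example.org", "Alice <alice@example.org>"),
]

if __name__ == "__main__":
    for dom, rule, score in audit(SAMPLE):
        print(f"{dom:30} block={rule or '-':10} score={score}")
```

The third sample row shows that the `xn--.*` alternative also matches an IDN label below the TLD when a subdomain precedes it, which is the kind of hit worth counting in a dry run before a rule is switched to deny.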
