Got this reply. The sad thing is that these new TLDs that ICANN opened (don't 
know why) seem to attract spammers like a big magnet.
Sadly I have to block many of them... The .berlin domain is regularly used in 
spam for Berlin travels.

Most of the time, TLDs were operated by competent people who did take 
great care in handling abuse, and turning off domains that were in the Spamhaus 
toplist...
Now TLDs seem to be operated by people that simply don't care. So now I use the 
Spamhaus TLD toplist to block TLDs that engage in spam - but only when I 
confirmed it has a rare legitimate usefulness, I would never for example block 
a country TLD or a gTLD whose legitimate purpose far outweighs its spamminess.

-----Original message-----
From: jpo...@zedat.fu-berlin.de <jpo...@zedat.fu-berlin.de> On behalf of Johannes Posel
Sent: 27 May 2022 21:44
To: Sebastian Nielsen <sebast...@sebbe.eu>
Cc: Mailing List <mailop@mailop.org>
Subject: Re: [mailop] Any reason to NOT block the entire .cam domain? [signed]

Hello Sebastian,

well that is a perfect example why shunning TLDs is difficult. Your users will 
never be able to get tickets for the botanical garden in Berlin 
(www.bo.berlin). Let us not dive into the universities like the Technische 
Universität Berlin at www.tu.berlin. And, of course, you might miss this reply 
altogether (sender from posel.email).

Well your server your rules, of course.

Best regards
Johannes



Sent from my iPhone
> On 27.05.2022 at 21:17, Sebastian Nielsen via mailop 
> <mailop@mailop.org> wrote:
> 
> I block a lot of these pieces of shit domains, including .cam:
> 
> deny
>   message = 5.7.1 Banned TLD in MAIL FROM
>   sender_domains = ^(?i).*\\.(accountant|accountants|asia|auto|berlin|bid|buzz|camera|car|cam|cars|casa|christmas|click|club|college|computer|country|cricket|date|design|download|exposed|email|fail|faith|fit|fun|gdn|global|guru|help|host|jetzt|kim|icu|life|live|link|loan|london|media|men|mom|news|ninja|online|party|photography|pro|protection|pub|racing|realtor|reise|ren|rent|rest|review|rocks|science|security|shop|site|solutions|space|storage|store|stream|study|surf|tech|technology|theatre|today|top|trade|university|uno|us|viajes|vip|vividal|wang|webcam|website|win|work|works|world|xin|xyz|zip|xn--.*)\$
> 
> And also in acl_data:
> 
> deny
>   message = 5.7.1 Banned TLD in MIME From
>   condition = ${if match {$h_from:}{^(?i).*\\.(accountant|accountants|asia|auto|berlin|bid|buzz|camera|car|cam|casa|cars|christmas|click|club|college|computer|country|cricket|date|design|download|exposed|email|fail|faith|fit|fun|gdn|global|guru|help|host|jetzt|kim|icu|life|live|link|loan|london|media|men|mom|news|ninja|online|party|photography|pro|protection|pub|racing|realtor|reise|ren|rent|rest|review|rocks|science|security|shop|site|solutions|space|storage|store|stream|study|surf|tech|technology|theatre|today|top|trade|university|uno|us|viajes|vip|vividal|wang|webcam|website|win|work|works|world|xin|xyz|zip|xn--.*)>\$}{yes}{no}}
> 
> 
> There you have 2 nice blocklists to use in EXIM.
> 
> -----Original message-----
> From: Anne Mitchell via mailop <mailop@mailop.org> 
> Sent: 27 May 2022 20:03
> To: Hans-Martin Mosner via mailop <mailop@mailop.org>
> Subject: [mailop] Any reason to NOT block the entire .cam domain?
> 
> We've started getting a fair amount of spam from .cam domains; in fact they 
> all look the same, using the same HTML template with the same body format, 
> but from a different .cam domain for different 'businesses', so I suspect that 
> one operation is selling "email marketing" packages to clients and setting it 
> up for them, especially as they all are sending through their own domains, 
> and, let's face it, these sorts of spammers usually don't know how to set up 
> their own MX, etc., rather than spamming through Google or Outlook.
> 
> They are all coming from:
> 
> 77.73.131.0/24
> 185.221.66.0/24
> 
> they share:
> 
> mnt-routes:     ashitt
> mnt-domains:    ashitt
> mnt-by:         ashitt
> 
> A few sample domains are:
> 
> stretchch.cam
> inogenosx.cam
> securetho.cam
> livingcois.cam
> 
> I have a body of about 20 now (I'm sure I deleted many more) that are all 
> clearly set up by the same entity, for/from different "businesses" using 
> their own domains, so it's clearly a spam factory (they are almost certainly 
> including a mailing list with the setup). Full samples available upon request.
> 
> Anyways, can anyone think of a single reason to *not* block all of .cam?  
> 
> Or, hey, to not get these IPs listed? ;-)
> 
> P.S.  Aaah, a TLD that can be, in quick-glance, mistaken for .com; good 
> thinking!
> 
> Anne
> 
> --
> Anne P. Mitchell, Attorney at Law
> CEO ISIPP SuretyMail
> Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
> Author: The Email Deliverability Handbook
> Board of Directors, Denver Internet Exchange
> Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School
> Prof. Emeritus, Lincoln Law School
> Chair Emeritus, Asilomar Microcomputer Workshop
> Counsel Emeritus: Mail Abuse Prevention System (MAPS) (now the anti-spam arm 
> of TrendMicro)
> 
> _______________________________________________
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop

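Added example, not part of the thread and not any poster's code: a small audit of which envelope senders a TLD rule of the shape quoted above would reject, so the collateral damage Johannes describes can be measured before deploying. It assumes a trimmed subset of the TLD list and constructed sample addresses; it also shows that `xn--.*` matches a punycode label anywhere after a dot, not only as the TLD.

```python
import re
from collections import defaultdict

# Subset of the TLD alternation quoted in the thread (assumption: trimmed for
# this example; the full list has the same structure).
BANNED_TLDS = "berlin|cam|club|email|top|xyz|zip|xn--.*"

# In the Exim config "\\." and "\$" are escaped for string expansion; the regex
# engine finally sees "\." and "$". (?i) becomes re.IGNORECASE here.
TLD_RE = re.compile(r"^.*\.(" + BANNED_TLDS + r")$", re.IGNORECASE)


def sender_domain(address):
    """Return the lower-cased domain of an envelope sender, or None."""
    local, sep, domain = address.strip().rpartition("@")
    return domain.lower().rstrip(".") if sep and local and domain else None


def would_reject(address):
    """True if a sender_domains rule with TLD_RE would deny this MAIL FROM."""
    domain = sender_domain(address)
    return bool(domain and TLD_RE.match(domain))


def audit(senders):
    """Group the senders the rule would reject by their final DNS label."""
    hits = defaultdict(list)
    for addr in senders:
        if would_reject(addr):
            hits[sender_domain(addr).rsplit(".", 1)[1]].append(addr)
    return dict(hits)


# Constructed sample: local parts are invented; bo.berlin, tu.berlin,
# posel.email and stretchch.cam are domains named in the thread, the
# rest are illustrative.
SAMPLE_SENDERS = [
    "tickets@bo.berlin", "info@tu.berlin", "someone@posel.email",
    "offers@stretchch.cam", "User@Example.CAM", "user@example.com",
    "user@example.xn--p1ai",         # IDN country-code TLD
    "news@mail.xn--mnchen-3ya.de",   # IDN label under .de, not a TLD
    "<>",                            # null sender (bounce)
]

if __name__ == "__main__":
    for tld, addrs in sorted(audit(SAMPLE_SENDERS).items()):
        print(f".{tld}: {len(addrs)} rejected -> {', '.join(addrs)}")
```

Feeding it the sender addresses from a few weeks of accepted mail, instead of the sample list, gives a per-TLD count of legitimate correspondents the rule would cut off.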