On Sat, Jan 30, 2021 at 01:20:13PM -0500, Phil Stracchino wrote:

> I'm looking at implementing a rule to discard all
> four-letter-and-above TLDs except whitelisted ones, because I'm tired
> of playing whack-a-mole.

I'd like to strongly advise against filtering by TLD. This is a very low quality signal. There is no shortage of abuse mail from the traditional gTLDs, and also a non-trivial quantity of legitimate email from new gTLDs.

Most of the ".brand" gTLDs are not open for public registration of subdomains, and if say citibank decided to send email from a ".citi" subdomain, that'd be just fine. They should be able to use the gTLD they control.

For example, the ".info" and ".name" gTLDs are established sources of legitimate email. Looking at DANE-enabled domains, which junk mail senders are unlikely to bother setting up, I see the following top 30 domain counts by TLD, indicating a population of non-abusive domains.

    6389 info
    3397 online
    1231 shop
     941 email
     825 amsterdam
     784 site
     715 cloud
     561 tech
     531 store
     402 world
     360 swiss
     330 name
     283 work
     248 space
     235 studio
     229 club
     212 agency
     197 blog
     190 academy
     185 family
     164 rocks
     158 design
     153 link
     150 live
     144 network
     138 media
     127 tips
     122 company
     120 solutions
     113 life
     ...

To filter junk mail, deploy better content-based filters.

-- 
    Viktor.