On Sat, Jan 30, 2021 at 01:20:13PM -0500, Phil Stracchino wrote:
> I'm looking at implementing a rule to discard all
> four-letter-and-above TLDs except whitelisted ones, because I'm tired
> of playing whack-a-mole.

I'd like to strongly advise against filtering by TLD. This is a very
low quality signal. There is no shortage of abuse mail from the
traditional gTLDs, and also a non-trivial quantity of legitimate
email from new gTLDs.

Most of the ".brand" gTLDs are not open for public registration of
subdomains, and if say citibank decided to send email from a ".citi"
subdomain, that'd be just fine. They should be able to use the gTLD
they control.

For example, the ".info" and ".name" gTLDs are established sources of
legitimate email. Looking at DANE-enabled domains, which junk mail
senders are unlikely to bother setting up, I see the following top 30
domain counts by TLD, indicating a population of non-abusive domains.

6389 info
3397 online
1231 shop
941 email
825 amsterdam
784 site
715 cloud
561 tech
531 store
402 world
360 swiss
330 name
283 work
248 space
235 studio
229 club
212 agency
197 blog
190 academy
185 family
164 rocks
158 design
153 link
150 live
144 network
138 media
127 tips
122 company
120 solutions
113 life
...

To filter junk mail, deploy better content-based filters.

--
Viktor.
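
Added example, not part of the message above: a Python script that applies the proposed rule to the DANE-enabled domain counts listed in the message. It assumes the rule means "reject when the rightmost label has four or more letters and is not whitelisted"; the function names and the sample whitelist are hypothetical.

```python
# Added illustration: what a "reject 4+ letter TLDs unless whitelisted"
# rule does to the DANE-enabled domain counts quoted in the message.
# Function names and the sample whitelist are hypothetical.

# Top-30 counts by TLD, copied from the message as "count tld" pairs.
DANE_COUNTS = """
6389 info 3397 online 1231 shop 941 email 825 amsterdam 784 site
715 cloud 561 tech 531 store 402 world 360 swiss 330 name
283 work 248 space 235 studio 229 club 212 agency 197 blog
190 academy 185 family 164 rocks 158 design 153 link 150 live
144 network 138 media 127 tips 122 company 120 solutions 113 life
"""

def parse_counts(text):
    """Parse whitespace-separated 'count tld' pairs into {tld: count}."""
    tokens = text.split()
    return {tld.lower(): int(n) for n, tld in zip(tokens[0::2], tokens[1::2])}

def tld_of(domain):
    """Return the rightmost label, ignoring case and a trailing root dot."""
    return domain.rstrip(".").lower().rsplit(".", 1)[-1]

def rule_rejects(domain, whitelist=frozenset()):
    """Assumed reading of the rule: reject when the TLD has four or more
    letters and is not in the whitelist."""
    tld = tld_of(domain)
    return len(tld) >= 4 and tld not in whitelist

def collateral(counts, whitelist=frozenset()):
    """Return (rejected_domains, total_domains, rejected_tlds)."""
    hit = {t: n for t, n in counts.items()
           if rule_rejects("example." + t, whitelist)}
    return sum(hit.values()), sum(counts.values()), sorted(hit)

if __name__ == "__main__":
    counts = parse_counts(DANE_COUNTS)
    for wl in (frozenset(), frozenset({"info", "name"})):
        hit, total, tlds = collateral(counts, wl)
        print(f"whitelist={sorted(wl)}: {hit}/{total} domains "
              f"in {len(tlds)} TLDs rejected")
```

Every TLD in the quoted top 30 is four letters or longer, so with an empty whitelist the rule rejects all 19634 listed domains, and whitelisting only "info" and "name" still rejects 12915 of them.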