Re: ATT RBL f---wits

2023-11-28 Thread Tracy Greggs via users

NO PTR for the IP.

Cableone is SOA on this zone, so they are the issue.

You can ask them to create a PTR for your static IP and hope for the 
best.  Most I have dealt with will do it as long as it's a commercial 
account.



-- Original Message --

From "Philip Prindeville" 

To users@spamassassin.apache.org
Date 11/27/2023 3:31:52 PM
Subject ATT RBL f---wits





Re[8]: rule based on domain age

2023-05-10 Thread Tracy Greggs via users
IP ranges and country connections are of no help.  These criminals use 
outlook, gmail, vps servers and everything under the sun.


The spameatingmonkey.com rbl was suggested to me for domains reg'd in 
the past 30 days; it will be quite helpful, already implemented.


I am also looking at getting the feed from zonefiles.io and I can 
potentially use that data and some coding on my end to create my own 180 
or whatever day list fairly easily and query it locally with an in house 
RBL.


I appreciate your input and suggestions Marc.




-- Original Message --

From "Marc" 
To "Tracy Greggs" ; 
"users@spamassassin.apache.org" 

Date 5/10/2023 4:57:21 PM
Subject RE: Re[6]: rule based on domain age





 What I am targeting will not be on an abusive domains on any RBL
 anywhere as they buy these domains for the sole purpose of targeting our
 company and our clients.  They only have to succeed once where I have to
 succeed every time to keep them from stealing large sums.


What about the ip ranges? I have the impression that once you register these, 
it gets less. There are specific providers offering their networks for such 
services. Legitimate providers do not want to get involved with such networks, 
because they will end up on blacklists.

I am having a combination of ip ranges that I have registered, these get from 
me an url in a confirmation, only when this url is clicked the email is 
accepted.
You could tune this for your environment.

Maybe you can do something with the connection country

[@]# dig +short -t txt 95.80.124.107.origin.asn.cymru.com
"7018 | 107.64.0.0/10 | US | arin | 2011-02-04"
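
Added example (not part of the thread, and not code from any poster): a sketch of the "own N-day list, queried locally" idea from the message above. The feed layout ("domain,first-seen date"), the sample domains, and the 127.0.0.2 answer value are assumptions; the thread does not show the zonefiles.io format.

```python
from datetime import date, timedelta

# Constructed sample feed: "domain,first-seen date". The layout is an assumption;
# the thread does not show the zonefiles.io format.
SAMPLE_FEED = """\
# domain,first_seen
examp1e-payments.com,2023-04-28
old-supplier.example,2019-06-02
client-invoices.example,2022-11-30
examp1e-payments.com,2023-05-01
"""

def load_first_seen(feed_text):
    """Parse the feed into {domain: earliest date seen}."""
    seen = {}
    for line in feed_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        domain, _, day = line.partition(",")
        domain = domain.strip().lower().rstrip(".")
        first = date.fromisoformat(day.strip())
        if domain not in seen or first < seen[domain]:
            seen[domain] = first
    return seen

def young_domain(sender_domain, first_seen, today, max_age_days=180):
    """Return the listed domain if it is newer than max_age_days, else None.

    Walks up the labels so mail.examp1e-payments.com matches its parent.
    Domains absent from the feed return None: age unknown, so not scored.
    """
    cutoff = today - timedelta(days=max_age_days)
    labels = sender_domain.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):      # stop before the bare TLD
        candidate = ".".join(labels[i:])
        if candidate in first_seen:
            return candidate if first_seen[candidate] > cutoff else None
    return None

def rbl_zone_lines(first_seen, today, max_age_days=180):
    """Emit master-file A records (relative to the list zone's $ORIGIN)."""
    cutoff = today - timedelta(days=max_age_days)
    return [f"{d} 300 IN A 127.0.0.2"
            for d, first in sorted(first_seen.items()) if first > cutoff]

if __name__ == "__main__":
    table = load_first_seen(SAMPLE_FEED)
    print(young_domain("mail.examp1e-payments.com", table, date(2023, 5, 10)))
    print("\n".join(rbl_zone_lines(table, date(2023, 5, 10), 380)))
```

Because the age data is held locally, no per-message whois query goes to a TLD registry, which sidesteps the rate-limit concern raised earlier in the thread.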



Re[6]: rule based on domain age

2023-05-10 Thread Tracy Greggs via users
We are specifically targeted Marc.  We have 130 domains on the shelf via 
UDRP disputes right now and 30 more in progress.


What I am trying to accomplish with this issue at hand is to score up 
and quarantine all domains newer than 380 days.  I am fully aware that 
there will be some legit email quarantined and I am fine with that, 
those can be vetted and released.


What I am targeting will not be on an abusive domains on any RBL 
anywhere as they buy these domains for the sole purpose of targeting our 
company and our clients.  They only have to succeed once where I have to 
succeed every time to keep them from stealing large sums.


I may need to look at this differently, more like checking against a DNS 
based list of domains over a year old for example and giving those a 
negative score if necessary.





-- Original Message --

From "Marc" 
To "Tracy Greggs" ; 
"users@spamassassin.apache.org" 

Date 5/10/2023 3:50:06 PM
Subject RE: Re[4]: rule based on domain age


Yes some already block/timeout with the 2nd lookup. But there is a flip side. 
There are dns blacklists that have domainnames that are currently being abused.




 I hadn't considered being blocked by the TLD's from doing the lookups.
 Good point.  We probably do about 2K per day so not sure that is enough
 to be blocked but it certainly could be.


 >>  Why would it have to be specific per TLD?  What I have in mind is
 >>  looking at the creation date of the sending domain and scoring it up if
 >>  it is newer than 12 months, no matter what the TLD is.
 >
 >I totally get it. I was thinking of incorporating this in a service for
 >a European project. And even going further, querying owner information.
 >
 >>  Am I missing something?
 >
 >Because this information is only available at tld's and just querying
 >the whois endlessly will be blocked. Every tld registry has their own
 >operating rules.


Re[4]: rule based on domain age

2023-05-10 Thread Tracy Greggs via users
I hadn't considered being blocked by the TLD's from doing the lookups.  
Good point.  We probably do about 2K per day so not sure that is enough 
to be blocked but it certainly could be.



-- Original Message --

From "Marc" 

To "Tracy Greggs" 
Date 5/10/2023 3:32:05 PM
Subject RE: Re[2]: rule based on domain age





 Why would it have to be specific per TLD?  What I have in mind is
 looking at the creation date of the sending domain and scoring it up if
 it is newer than 12 months, no matter what the TLD is.


I totally get it. I was thinking of incorporating this in a service for a 
European project. And even going further, querying owner information.


 Am I missing something?


Because this information is only available at tld's and just querying the whois 
endlessly will be blocked. Every tld registry has their own operating rules.


rule based on domain age

2023-05-10 Thread Tracy Greggs via users

My apologies if that has been asked and/or answered previously.

I would love to have a rule to score up messages from domains registered 
in the past X configurable days.


We rarely receive legit email from domains newer than 1 year old, but we 
get spoofs daily from domains that are less than 1 year old.


I would like to score all of the less than 1 year old domains up and 
quarantine them for review.


Does such a rule already exist?

Thanks in advance for any direction any of you may have.

Regards