On Mon, 27 Nov 2017 17:37:35 -0800 (PST) John Hardin wrote: > The ".date" TLD just started bombarding my inbox... >
> score FROM_RARE_TLD 3.000 > score REPTO_RARE_TLD 3.000 > score URI_RARE_TLD 3.000 It's pretty common for the author domain to be in the body of an email and/or a reply-to header. With "parse_dkim_uris 1", URI_RARE_TLD can also come from an author DKIM signature. I don't think it's sensible to score them this way, it's a lottery between conservative and full poison pill. I haven't look into this in detail, but I'd probably go for something like: meta ADDR_RARE_TLD __REPTO_RARE_TLD || __FROM_RARE_TLD meta URI_RARE_TLD __URI_RARE_TLD && !ADDR_RARE_TLD a single meta rule might do, but people seem to be less conservative about using new TLDs on websites, and there's an additional risk of URI FPs from typos.
