Hello,
I've been getting reports from colleagues that various e-mails were getting marked as spam by SA. We're running SA 3.4.2 (latest update on debian apt). These mails were all using TLDs such as .site and .online and were getting marked because of it. Rules triggering included FROM_SUSPICIOUS_NTLD and FROM_SUSPICIOUS_NTLD_FP and PDS_OTHER_BAD_TLD, which instantly bumped the spam score by 4.5 (sum of scores at time of writing). https://svn.apache.org/repos/asf/spamassassin/trunk/rulesrc/sandbox/pds/20_ntld.cf I was wondering how often the NTLDs that were added to the SUSP_NTLDs list in the past get reviewed and/or removed from this list, and how I can mitigate this without manually whitelisting each and every address and maintaining some degree of integrity/consistency. Roald