On Tue, 30 Jun 2020 11:30:17 +0000 Roald Stolte wrote:
> These mails were all using TLDs such as .site and .online and were > getting marked because of it. > > > Rules triggering included FROM_SUSPICIOUS_NTLD and > FROM_SUSPICIOUS_NTLD_FP and PDS_OTHER_BAD_TLD, which instantly bumped > the spam score by 4.5 (sum of scores at time of writing). > I was wondering how often the NTLDs that were added to the SUSP_NTLDs > list in the past get reviewed and/or removed from this list, and how > I can mitigate this without manually whitelisting each and every > address and maintaining some degree of integrity/consistency. You can deal with PDS_OTHER_BAD_TLD by using delist_uri_host. Unfortunately there is no delist version of enlist_addrlist. You could just drop the score for FROM_SUSPICIOUS_NTLD & FROM_SUSPICIOUS_NTLD_FP. Alternately you could override the definitions of the 2 rules so the problematic TLDs don't trigger them.
