> From: lcon...@go2france.com > To: users@spamassassin.apache.org > Subject: dns*.registrar-servers.com as a rogue registrar? > Date: Tue, 7 May 2013 13:15:24 -0500 > > > Nearly all of the .pw domains have their authoritative NS at > dns*.registrar-servers.com. > > that registrar and few others are always at the top of my reports for > NSs of sender domains of spam we reject. > > Does anybody score a msg if its sender domain is DNS hosted by > registrar-servers.com or other? > > what would that rule look like? > > Len > >
I've found this to be a pretty helpful approach. I couldn't find a plugin to do this, and I didn't have time to figure out how to write one, so added the functionality via MimeDefang. I have a list of 'evil' domains and IPs in two RBLs which I maintain myself. I check NS records against these, and if I get a match, I bump up the score by returned by SA by the value of the last byte. I'm not sure this approach would scale to a gazillion mails a day, but works fine for the levels we have to deal with (a couple of 100K tops). Judy.