On Wed, Aug 19, 2015 at 06:44:05PM -0400, Ben Greenfield wrote:
> >> We receive a lot of spam that have very rare top level domains .site,
> >> .link, .website, .eu.
> >
> > It is wrong to black TLDs, even if initially they appear to mostly
> > send spam.
>
> It is quick and effective and my thinking was that if a legitimate domain
> gets rejected I would add it a specific ACCEPT above the reject in the
> custom header check. It may be a bad plan
It is largely a bad plan, perhaps you can configure more aggressive
scoring for the spam in question.
> > Instead, try to improve your content filters.
>
> The spam that is getting through doesn?t have any spam score from
> spamassassin I guess I should insure that they aren't circumventing the
> evaluation in someway.
Or enable more rules, when the *envelope sender* is in .eu. Do
not block the entire TLD, and apply rules by envelope sender address,
not "Received" headers.
> > Whatever content scoring system is built-in to the Mac-OS/X Mail.app
> > client, for example, identifies the vast majority of my spam without
> > blocking any TLDs.
>
> I would like to be doing this on the server before it reaches the client.
Sure, I was not suggesting to use Mail.app per-se, rather it was
used as proof-of-concept that decent filtering by content is
possible.
--
Viktor.
