Well yeah, they can always buy a .com, etc., but right now .stream has nothing legit.
The last time this discussion came up (not initiated by me if it matters), I bought into TLD blocking being bad, but things are different half a year later. I suppose I can find a more effective RBL, but the more you add, the more likely you get false positives. Original Message From: /dev/rob0 Sent: Monday, September 19, 2016 6:11 PM To: postfix-users@postfix.org Reply To: postfix-users@postfix.org Subject: Re: TLD blocking revisited On Mon, Sep 19, 2016 at 05:29:51PM -0700, li...@lazygranch.com wrote: > The last time TLD blocking came up, the consensus of the hive was > not to block based on TLD. (You may recall .xyz being used by > Alphabet.) However lately I'm getting a ridiculous number of > .stream SPAM coming through. The RBLs are getting about half. > > https://www.spamhaus.org/statistics/tlds/ > > I have a hard time believing I will ever get legit mail from a > .stream or a .download. The thing is, I don't think any TLD prescreens its registrants and limits domains to spammers only. Anyone can buy one of the new domains, whether or not a spammer. > FWIW, many of the .stream pass SPF, which is perhaps why the RBLs > are not being as aggressive. Certainly not a factor. Most significant DNSBLs operate on the basis of spamtraps. If a host is hitting a spamtrap, it will be listed; if not it will not be listed. FCrDNS and other niceties are irrelevant. The DNSBL knows that the traffic is spam, because a good spamtrap is an address which was never used. -- http://rob0.nodns4.us/ Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
