Re[8]: rule based on domain age

Wed, 10 May 2023 15:05:39 -0700

IP ranges and country connections are of no help. These criminals use outlook, gmail, vps servers and everything under the sun.
The spameatingmonkey.com rbl was suggested to me for domains reg'd in the past 30 days will be quite helpful, already implemented. 


I am also looking at getting the feed from zonefiles.io and I can 
potentially use that data and some coding on my end to create my own 180 
or whatever day list fairly easily and query it locally with an in house 
RBL.


I appreciate your input and suggestions Marc.




------ Original Message ------

From "Marc" <m...@f1-outsourcing.eu>

To "Tracy Greggs" <postmas...@insuredaircraft.com>; 
"users@spamassassin.apache.org" <users@spamassassin.apache.org>

Date 5/10/2023 4:57:21 PM
Subject RE: Re[6]: rule based on domain age





 What I am targeting will not be on an abusive domains on any RBL
 anywhere as they buy these domains for the sole purpose of targeting our
 company and our clients.  They only have to succeed once where I have to
 succeed every time to keep them from stealing large sums.


What about the ip ranges? I have the impression that once you register these, 
it gets less. There are specific providers offering their networks for such 
services. Legitimate providers do not want to get involved with such networks, 
because they will end up on blacklists.

I am having a combination of ip ranges that I have registered, these get from 
me an url in a confirmation, only when this url is clicked the email is 
accepted.
You could tune this for your environment.

Maybe you can do something with the connection country

[@]# dig +short -t txt 
https://urldefense.proofpoint.com/v2/url?u=http-3A__95.80.124.107.origin.asn.cymru.com&d=DwIGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=30424yrS-9EgmTKE1eBweU94kLZa7u_GLzgvVe6Np9o&m=LXUC6fBevzoGP-DHdTSkBn2kczQixB-XLpKmQzKF_Zk&s=lujgLOURlWXAvVUGVSQ1Fc1-4ZDVA73VF_4gTf2pZuk&e=
"7018 | 
https://urldefense.proofpoint.com/v2/url?u=http-3A__107.64.0.0_10&d=DwIGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=30424yrS-9EgmTKE1eBweU94kLZa7u_GLzgvVe6Np9o&m=LXUC6fBevzoGP-DHdTSkBn2kczQixB-XLpKmQzKF_Zk&s=jo8mFV_zmsrMXzYKy4mfFbBtVAygJ585ORp5oAdb7Ts&e=
 | US | arin | 2011-02-04"























					Reply via email to