Hi Mark

Thank you, but my question was, how to match the rdns name of the
source IP.

Well i found out the header matcher can also match Received: header
lines.

header          IMP_RECV_SHOP          Received =~ /\.shop\ /
score           IMP_RECV_SHOP          10
describe        IMP_RECV_SHOP          Received: from shop TLD

This works for me.

Am Sat, 21 Jun 2025 13:47:19 -0400
schrieb Mark London <m...@psfc.mit.edu>:

> I and probably a lot of people here, block that domain and a bunch 
> others, even before they reach spamassassin
> 
> "Why Phishers Love New TLDs Like .shop, .top and .xyz"
> 
> https://krebsonsecurity.com/2024/12/why-phishers-love-new-tlds-like-shop-top-and-xyz/
> 
> "Spammers and scammers gravitate toward domains in the new gTLDs because 
> these registrars tend to offer cheap or free registration with little to 
> no account or identity verification requirements."
> 
> On 6/20/2025 3:40 AM, Benoît Panizzon wrote:
> > Is there a way to match the sending IP rdns name?
> >
> > Received: from future.roommagic.shop (future.roommagic.shop [37.59.92.8] 
> > Port:45265)
> >
> > like match /\.shop$/ of the rdns name?
> >  
> 




Mit freundlichen Grüssen

-Benoît Panizzon-
-- 
I m p r o W a r e   A G    -    Leiter Commerce Kunden
______________________________________________________

Zurlindenstrasse 29             Tel  +41 61 826 93 00
CH-4133 Pratteln                Fax  +41 61 826 93 01
Schweiz                         Web  http://www.imp.ch
______________________________________________________

Reply via email to