I noticed URLs from the TLD .link aren't properly classified on my mail
server. I wrote a simple URI rule to recognize that TLD which never
matched. I wrote a similar body rule, which did properly match.
Interestingly, I do see DNS queries going out for the URLs in question.
This is sa 3.3.2-4 -- is it a known issue? The URL in question is on a
single line and is easily pulled out with egrep and properly parsed with
the body rule.

Best,
Jesse Stroik

On 10/13/2014 2:53 PM, Dave Funk wrote:
> On Mon, 13 Oct 2014, Philip Prindeville wrote:
>
>> Every connection I’ve gotten from a hostname resolving to *.link or
>> saying helo *.link has been spam (I block the connections with
>> MIMEDefang).
>>
>> Has anyone actually seen a legitimate email from a host in the .link TLD?
>>
>> I’ve seen (last week alone):
>>
>> bgo.blc-onlineconsumer140.link
>> ratio.allgiftcardsonlinefriendly.link
>> ratio.autodealersstarted.link
> [snip..]
>> Is it worth having that triggers on the relay’s hostname being *.link?
>>
>> Also, I noticed that every message we saw was missing a Received: header…
>>
>> -Philip
>
> I'll second that and add a similar comment about ".link" URLs inside the
> message. Last week I created a uri rule to fire on any ".link" hosted URL
> and so far haven't seen a single FP.