On 9/25/2015 10:28 AM, Dianne Skoll wrote:
> On Fri, 25 Sep 2015 14:21:50 +0000
> Dave <da...@grolen.com> wrote:
>> I am trying to create a rule that scores TLDs in received headers if
>> they are not certain TLDs. What I have so far:
> Your logic is wrong. And you can do it all with one regex:
> header GC_TLD_COM Received !~/\.(?:com|net|org|edu|uk)\b/i
> I won't comment on the advisability of such a rule; the policy is up to you.
> Also beware that this will trigger on IPs with no reverse DNS.
> Regards,
> Dianne.
I'll comment, since I like these sorts of rules.
There's a ridiculous amount of TLDs, and their use is starting to
become more common to the point of almost routine, between t.co,
goo.gl, etc. That makes a rule like yours hard to justify most of the
time, but I can see industries where it's valid to give a very low score
on the order of 0.5 tops. Typically you will want to work backwards and
write rules for "these TLDs are particularly bad". You should think very
long and hard before blacklisting a TLD entirely, as well. The only
scenario I can imagine being valid would be if you were running a school
and blacklisting the .xxx TLD.
This might be a nice light spam indicator, but like all broad rules it's
easy to end up with a 10% FP rate. You need a full understanding of the
mail traffic it operates on, which nobody else on-list has but you.
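To see how the two approaches in this thread behave on real-looking headers, here is an added Python emulation (not SpamAssassin itself, and not code from anyone in the thread): it applies Dianne's negated regex and a positive "bad TLD" rule to constructed Received lines, including the no-reverse-DNS case she warns about. The rule names, the 0.5 scores and the .xxx list are assumptions for illustration, and the per-line matching does not reproduce how SpamAssassin joins or walks multiple Received headers.

```python
import re

# Dianne's regex from the thread. In her rule it is negated (!~), so the rule
# FIRES when none of the listed TLDs appears anywhere in the header value.
LISTED_TLD = re.compile(r"\.(?:com|net|org|edu|uk)\b", re.IGNORECASE)

# The "work backwards" alternative: name the TLDs you consider bad and score
# those positively. Only .xxx here, taken from the school example in the thread.
BAD_TLD = re.compile(r"\.(?:xxx)\b", re.IGNORECASE)

# (rule name, predicate on one Received value, score). The 0.5 scores follow
# the ceiling suggested in the thread; they are not SpamAssassin defaults.
RULES = [
    ("GC_TLD_COM", lambda h: LISTED_TLD.search(h) is None, 0.5),   # emulates !~
    ("GC_BAD_TLD", lambda h: BAD_TLD.search(h) is not None, 0.5),  # emulates =~
]


def score_received(received):
    """Return (total score, names of rules that hit) for one Received value."""
    hits = [name for name, test, _ in RULES if test(received)]
    total = sum(score for name, _, score in RULES if name in hits)
    return total, hits


# Constructed sample headers using RFC 5737 documentation addresses; the
# receiving host is deliberately under .local so it never satisfies the list.
SAMPLES = {
    # Normal reverse DNS under .com: no rule fires.
    "rdns_com": "from mail.example.com (mail.example.com [192.0.2.10]) "
                "by mx.corp.local with ESMTP",
    # No reverse DNS at all: the negated rule fires, the FP case Dianne warns about.
    "no_rdns": "from [203.0.113.5] (unknown [203.0.113.5]) by mx.corp.local with ESMTP",
    # A TLD you have explicitly listed as bad: both rules fire.
    "bad_tld": "from host.example.xxx (host.example.xxx [198.51.100.7]) "
               "by mx.corp.local with ESMTP",
    # '.com' followed by another label still satisfies \.com\b, so the negated
    # rule stays silent even though the real TLD is .br.
    "com_br": "from relay.example.com.br (relay.example.com.br [192.0.2.20]) "
              "by mx.corp.local with ESMTP",
}

if __name__ == "__main__":
    for label, header in SAMPLES.items():
        total, hits = score_received(header)
        print(f"{label:9} score={total:.1f} hits={hits}")
```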