Blocking top level domains
Problem reported by Jerry Kuntz - June 27, 2016 at 6:42 AM
Submitted
Over the weekend, we were hammered by spam from .top and .gdn top level domains. I have tried putting a SMTP Block on plain ".top" but still see mail from those domains coming in to the spooler. Is there a more effective method within SM to block top level domains? (the IP ranges and individual .top domain names change constantly).
 
Jerry Kuntz
Ramapo Catskill Library System

1 Reply

Reply to Thread
2
Jerry,
Try using the following for your Custom Rules to score email from the TLD's you want to block.
Not the cleanest way, but until SM builds something in its the best we could find.
Example 1: (Meant to block TLD; From *.accountant)
    Rule Source: Header
    Header: From
    Rule Type: Regular Expression
    Rule Text: .+\.accountant>$
    Weight: 20
Example 2: (Meant to block TLD, Reply-To *.accountant)
    Rule Source: Header
    Header: Reply-To
    Rule Type: Regular Expression
    Rule Text: .+\.accountant>$
    Weight: 20
Example 3: (Meant to block TLD, Return-Path *.accountant)
    Rule Source: Header
    Header: Return-Path
    Rule Type: Regular Expression
    Rule Text: .+\.accountant>$
    Weight: 20

Here's a list of the TLDs we are blocking.  Note the format:
DOT  PLUSSIGN  BACKSLASH   DOT DOMAINTLD  GREATERTHAN DOLLARSIGN
.+\.accountant>$
.+\.bid>$
.+\.br>$
.+\.cf>$
.+\.click>$
.+\.club>$
.+\.cricket>$
.+\.date>$
.+\.download>$
.+\.eu>$
.+\.faith>$
.+\.fr>$
.+\.ga>$
.+\.gq>$
.+\.in>$
.+\.link>$
.+\.lol>$
.+\.ml>$
.+\.ninja>$
.+\.party>$
.+\.pw>$
.+\.racing>$
.+\.review>$
.+\.rocks>$
.+\.rs>$
.+\.science>$
.+\.space>$
.+\.tk>$
.+\.top>$
.+\.tr>$
.+\.trade>$
.+\.wang>$
.+\.webcam>$
.+\.website>$
.+\.win>$
.+\.work>$
.+\.xyz>$
Kendra Support
http://www.kendra.com
support@kendra.com
425-397-7911
Junk Email filtered ISP

Reply to Thread