Blocking top level domains
Problem reported by Jerry Kuntz - June 27, 2016 at 6:42 AM
Submitted
Over the weekend, we were hammered by spam from .top and .gdn top level domains. I have tried putting a SMTP Block on plain ".top" but still see mail from those domains coming in to the spooler. Is there a more effective method within SM to block top level domains? (the IP ranges and individual .top domain names change constantly).
 
Jerry Kuntz
Ramapo Catskill Library System

3 Replies

Reply to Thread
2
Matthew Leyda Replied
Jerry,
Try using the following for your Custom Rules to score email from the TLD's you want to block.
Not the cleanest way, but until SM builds something in its the best we could find.
Example 1: (Meant to block TLD; From *.accountant)
    Rule Source: Header
    Header: From
    Rule Type: Regular Expression
    Rule Text: .+\.accountant>$
    Weight: 20
Example 2: (Meant to block TLD, Reply-To *.accountant)
    Rule Source: Header
    Header: Reply-To
    Rule Type: Regular Expression
    Rule Text: .+\.accountant>$
    Weight: 20
Example 3: (Meant to block TLD, Return-Path *.accountant)
    Rule Source: Header
    Header: Return-Path
    Rule Type: Regular Expression
    Rule Text: .+\.accountant>$
    Weight: 20

Here's a list of the TLDs we are blocking.  Note the format:
DOT  PLUSSIGN  BACKSLASH   DOT DOMAINTLD  GREATERTHAN DOLLARSIGN
.+\.accountant>$
.+\.bid>$
.+\.br>$
.+\.cf>$
.+\.click>$
.+\.club>$
.+\.cricket>$
.+\.date>$
.+\.download>$
.+\.eu>$
.+\.faith>$
.+\.fr>$
.+\.ga>$
.+\.gq>$
.+\.in>$
.+\.link>$
.+\.lol>$
.+\.ml>$
.+\.ninja>$
.+\.party>$
.+\.pw>$
.+\.racing>$
.+\.review>$
.+\.rocks>$
.+\.rs>$
.+\.science>$
.+\.space>$
.+\.tk>$
.+\.top>$
.+\.tr>$
.+\.trade>$
.+\.wang>$
.+\.webcam>$
.+\.website>$
.+\.win>$
.+\.work>$
.+\.xyz>$
Kendra Support
http://www.kendra.com
support@kendra.com
425-397-7911
Junk Email filtered ISP
0
Neil Colvin Replied
.xyz is now being used by Google for many of their administrative and other emails. Blocking it is not a good idea.
0
Jim Rosemary Replied
That works fine at the server/admin level. Is there any way for individual users or domain admins to use regular expressions in their filters? For example, one user wants to block all mail from the TLD ".us". But when he set up a filter to block domains containing "*.us", he could no longer receive mail from "usbank.com". A regular expression would allow the criteria to specify that the domain has to end in ".us"
Jim Rosemary
New Tech Web, Inc.

Reply to Thread