Blocking Domains in EHLO Domain Rule
Question asked by Fabio Dias - August 26, 2016 at 4:52 AM
My accounts are receiving a massive amount of spam from the following top-level domains:
 
.bs
.club
.ec
.email
.info
.internal
.site
.tk
.top
.work
.ws
.xyz
 
I noticed that "cloudapp.net" is a big source of spam. Is it safe to block them using an EHLO Domain blocking rule?

1 Reply

Rod Lasky Replied
Employee Post
Hi Fabio.  From the domains you've listed, I'm going to guess this is a zero-day attack.  Spammers will purchase a server package from a hosting company that automates domain creation, DNS, and even DKIM signing.  So these emails appear to come from a legitimate mail server.  
MessageSniffer is really good at blocking SnowShoe/Zero-Day spam.  You can start a 30-day trial at Settings >> Activation >> Licensing.
You can also block these at the SMTP level at Security >> Advanced Settings >> SMTP Blocking.  Add a new inbound email address block and enter *.top, *.xyz, etc.
I hope this helps.  
Rod Lasky
Technical Support Specialist
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
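
Added example, not part of the thread and not SmarterTools code: a dry run of the wildcard blocks suggested above (`*.top`, `*.xyz`, etc.) against a list of recent sender addresses, so you can see what each pattern would reject and what would still be accepted before enabling the rule. It assumes shell-style, case-insensitive wildcard matching, which may differ from how the mail server evaluates `*`; the sample senders are constructed.

```python
from collections import Counter
from fnmatch import fnmatchcase

# Patterns in the form the reply suggests, built from the TLDs listed in the question.
TLDS = ["bs", "club", "ec", "email", "info", "internal",
        "site", "tk", "top", "work", "ws", "xyz"]
BLOCK_PATTERNS = ["*." + tld for tld in TLDS]

def domain_of(value):
    """Lowercased domain of a sender address, or the value itself for a bare EHLO name."""
    value = value.strip().strip("<>").lower()
    return value.rsplit("@", 1)[-1].rstrip(".")

def matching_pattern(value, patterns=BLOCK_PATTERNS):
    """Return the first pattern that would block this value, or None.

    Assumption: shell-style wildcards, case-insensitive. Confirm how the
    mail server itself evaluates '*' before relying on these counts.
    """
    domain = domain_of(value)
    for pattern in patterns:
        if fnmatchcase(domain, pattern.lower()):
            return pattern
    return None

def dry_run(values, patterns=BLOCK_PATTERNS):
    """Count hits per pattern and collect values that would still be accepted."""
    hits, passed = Counter(), []
    for value in values:
        pattern = matching_pattern(value, patterns)
        if pattern:
            hits[pattern] += 1
        else:
            passed.append(value)
    return hits, passed

# Constructed sample senders (not real traffic).
SAMPLE_SENDERS = [
    "offers@promo.example.top",
    "<Deals@MAIL.EXAMPLE.XYZ>",
    "win@a.example.top",
    "alice@example.com",
    "bob@example.laptop",            # ends in "top" but not in the label ".top"
    "billing@partner.example.info",  # a sender you may want to keep
]

if __name__ == "__main__":
    hits, passed = dry_run(SAMPLE_SENDERS)
    for pattern, count in hits.most_common():
        print(f"{pattern:12} {count}")
    print("still accepted:", passed)
```

Feed it the sender or EHLO values exported from your own logs, and pass a list such as `["*.cloudapp.net"]` as `patterns` to measure a single candidate block.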