Blocking Domains in EHLO Domain Rule
Question asked by Fabio Dias - 8/26/2016 at 4:52 AM
Unanswered
My accounts are receiving a massive amount of spam from the following top-level domains:
 
.bs
.club
.ec
.email
.info
.internal
.site
.tk
.top
.work
.ws
.xyz
 
I noticed that "cloudapp.net" is a big source of spam. Is it safe to block them using an EHLO Domain blocking rule?

1 Reply

Employee Post
Hi Fabio.  From the domains you've listed, I'm going to guess this is a zero-day attack.  Spammers will purchase a server package from a hosting company that automates domain creation, DNS, and even DKIM signing.  So these emails appear to come from a legitimate mail server.  
MessageSniffer is really good at blocking SnowShoe/Zero-Day spam.  You can start a 30-day trial at Settings >> Activation >> Licensing.
You can also block these at the SMTP level at Security >> Advanced Settings >> SMTP Blocking.  Add a new inbound email address block and enter *.top, *.xyz, etc.
I hope this helps.  

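An added example, not part of the original thread or the mail server's own code: before enabling `*.tld` sender blocks like those suggested above, it helps to measure what they would catch, including senders you want mail from. The label-boundary suffix matching, the `(EHLO, MAIL FROM)` record shape, the sample records and the `WANTED` set are all assumptions constructed for illustration.

```python
from collections import Counter

# TLD patterns from the thread, in the "*.tld" form the reply suggests.
BLOCK_PATTERNS = ["*.bs", "*.club", "*.ec", "*.email", "*.info", "*.internal",
                  "*.site", "*.tk", "*.top", "*.work", "*.ws", "*.xyz"]

def normalize(host):
    """Lowercase and drop a trailing root dot so 'Mail.Example.TOP.' compares cleanly."""
    return host.strip().lower().rstrip(".")

def matching_pattern(host, patterns=BLOCK_PATTERNS):
    """Return the first '*.suffix' pattern matching host on a label boundary, else None.
    Assumption: a '*.top' pattern is treated as 'ends with .top'."""
    host = normalize(host)
    for pat in patterns:
        suffix = normalize(pat.lstrip("*"))          # "*.top" -> ".top"
        if host.endswith(suffix) and len(host) > len(suffix):
            return pat
    return None

def sender_domain(mail_from):
    """Domain of an envelope sender; '' for the null sender '<>' used by bounces."""
    addr = mail_from.strip().strip("<>")
    return normalize(addr.rsplit("@", 1)[1]) if "@" in addr else ""

def assess(records, wanted_domains):
    """Count sender-domain hits per pattern and list hits on wanted correspondents."""
    hits, false_positives = Counter(), []
    for ehlo, mail_from in records:
        dom = sender_domain(mail_from)
        pat = matching_pattern(dom) if dom else None
        if pat is None:
            continue
        hits[pat] += 1
        if dom in wanted_domains:
            false_positives.append((ehlo, dom))
    return hits, false_positives

# Constructed sample: (EHLO hostname, MAIL FROM) pairs, not real log data.
SAMPLE = [
    ("vm1.cloudapp.net", "<promo@deals.example.top>"),
    ("vm2.cloudapp.net", "<win@prizes.example.xyz>"),
    ("mail.partner.example.info", "<billing@partner.example.info>"),
    ("mx.example.com", "<>"),                         # bounce, no sender domain
    ("smtp.example.org", "<news@desktop.example.org>"),
]
WANTED = {"partner.example.info"}   # hypothetical known-good correspondent

if __name__ == "__main__":
    print(assess(SAMPLE, WANTED))
```

In the constructed sample the `*.info` pattern also catches the wanted correspondent, which is the kind of hit to review before turning a TLD-wide block on.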