Blocking all email from domains less than a week old
Question asked by Curtis Kropar www.HawaiianHope.org - July 11, 2017 at 10:29 AM
Answered
It has been discussed before, but i cant remember the thread.
 
I remember one of the responses saying "it would reduce the speed of email delivery"
Well, I and all of our clients would be perfectly happy with that. It would eliminate about 90+% of all of the spam we get and then in realty probably actually increase the speed of email delivery as the server could now focus on actual important stuff, and ignore the parasites and cockroaches of the world.
 
Is there or can we PLEASE make a way to block any connection form a domain that is less than XX hours or days old.

www.HawaiianHope.org - Providing technology services to non profit organizations, homeless shelters, clean and sober houses and prisoner reentry programs. To date we have given away over 1,000 free computers.

19 Replies

Reply to Thread
3
Scarab Replied
Marked As Answer
Blocking NODs (Newly Observed Domains) can be done in Smartermail using RBLs that track new domains and setting those RBLs for SMTP Blocking.
 
The following RBLs check for NODs:
 
  • SEM-FRESH — Domains registered in the last 5 days
  • SEM-FRESH10 — Domains registered in the last 10 days
  • SEM-FRESH15 — Domains registered in the last 15 days
  • SEM-FRESH30 — Domains registered in the last 30 days
  • DAY OLD BREAD -- Domains registered in the last 5 days (requires Registration to use their DNSRBL)
Pick the one(s) with the highest threshold you are willing to tolerate and set it in your SmarterMail Antispam settings.
Just a note that Spam Eating Monkeys (SEM) tend to be slow on picking up new TLDs, so you'll still see Spam from new domains such as .CLUB, .CLICK, .DATE, .DOWNLOAD, .MEN, .NINJA, .PARTY, .REVIEW, .ROCKS, .SCIENCE, .SPACE, .STREAM, .TOP, .WIN, .WORK, .XYZ, .ZIP come through but these you can easily just block with a Custom Rule as I have yet to see any legitimate email come from these new TLDs, but it is good at catching the traditional TLDs (especially the .US ones that seem most commonly used by NODs these days).
0
DUDE !
You are my hero today !
Ok, sorry not to sound stupid, but how do i do that ?
I read over the info and went and looked at my smartermail and cant figure out exactly where I plug that in.

www.HawaiianHope.org - Providing technology services to non profit organizations, homeless shelters, clean and sober houses and prisoner reentry programs. To date we have given away over 1,000 free computers.

2
Andrea Rogers Replied
Employee Post
Hey Curtis!
 
Your antispam settings can be found by logging in as the System Administrator. Click on the Settings icon and then select Antispam from the navigation pane. On the URIRBL Lists tab, you can click New to create these checks. In the modal window, the settings listed below will be available. I don't know the exact configuration to apply, but I took some guesses based on the URIRBLs showing in my test installation and the configuration details shown at the Spam Eating Monkey link, and here's an example. 
 
Name - SEM-FRESH
Description -  Domains registered in the last 5 days
Weight - 
Max Weight - 
Hostname - fresh.spameatingmonkey.net
Required Lookup Values - 127.0.0.2
Enable Outgoing SMTP Blocking
 
For Outgoing SMTP Blocking to work, you need to also enable this functionality on Options tab of your Antispam settings. On the SMTP Blocking card, you'll find Outgoing Weight Threshold. Enable this and adjust the threshold as needed. Messages sent via SMTP will be rejected if the total weight for spam checks that have been enabled for Outgoing SMTP Blocking meet or exceed this threshold. Here's a KB explaining Outgoing SMTP Blocking in more detail: https://portal.smartertools.com/kb/a2661/configure-smtp-blocking-to-prevent-outgoing-spam.aspx.
 
Scarab, care to make any corrections or suggest some weight values? 

Andrea Rogers
Communications Specialist
SmarterTools Inc.
(877) 357-6278

www.smartertools.com

1
Thanks.
We are on Version 14.4.5801
Location is slightly differnet (not in the settings)
What is "

www.HawaiianHope.org - Providing technology services to non profit organizations, homeless shelters, clean and sober houses and prisoner reentry programs. To date we have given away over 1,000 free computers.

0
Richard Frank Replied
Select this check box if the RBL supports bitmapping. Bitmap checking can be used for RBL’s and URIBL’s that support this kind of spam check. For example, SURBL utilizes a multi-blacklist check. For more information and documentation on the appropriate usage, please visit www.surbl.org/lists.

So you need to read the site of the dnsbl provider if their check includes bitmap checking
0
Thanks. I read the help info. Sorry, still don't really understand that. Is it literally checking a "bitmap" image like a BMP, JPG or something ?

www.HawaiianHope.org - Providing technology services to non profit organizations, homeless shelters, clean and sober houses and prisoner reentry programs. To date we have given away over 1,000 free computers.

0
Ok, So that is pretty awesome. I can already see a difference.
Next question,
I see these are now all headed to the Junk folder.  Is there a way to get the server to just reject the connections completely ? or reject the emails completely. to tell the connecting server to "F off"  I don't even want these going to the junk folder. Dont want our server to even have to deal with them.
Is there any way that is possible ?

www.HawaiianHope.org - Providing technology services to non profit organizations, homeless shelters, clean and sober houses and prisoner reentry programs. To date we have given away over 1,000 free computers.

0
Richard Frank Replied
to block the connections put a check mark with Enable for incoming SMTP blocking. the value will add for incoming weight Treshold on the tab SMTP blocking
0
Richard Frank Replied
I think we need some elaboration from SmarterTools here. I don't use it. Searching for info with Google takes too long to find something usefull
0
the check box on that is marked "N/A" and is greyed out.

www.HawaiianHope.org - Providing technology services to non profit organizations, homeless shelters, clean and sober houses and prisoner reentry programs. To date we have given away over 1,000 free computers.

0
Hi all,
 
Just wanted to chime in to thank Scarab for the idea with the SEM-FRESH RBLs - these are really useful (using SM v16.0.6397).
0
Richard Frank Replied
true.. only dnsbl can add to smtp blocking
to block on header fields you'll have to receive the mail first to analyze it.
0
Lennart Eliasson Replied
When I add this the Avg.Time shows 4,282 ms
I suppose that will slow down the server, right?
0
Lennart Eliasson Replied
Now it raised to 15,460 ms
0
Can you please let me know what Avg. Time you mean? SM 15 showed the response time for the RBL lookups, but SM 16 no longer has this feature - is this what you meant?
0
Sean Middlemore Replied
I'm getting 76ms but that said our server is in the UK. :)
0
Lennart Eliasson Replied
I mean value showed in column "Avg. Time"
For now I have SM 15.6
I disabled it and then later enabled it again.
Same thing happened.
First 3,429 ms then (when I edit):
Last 5 Minutes 3,696 ms
Last 15 Minutes 11,287 ms
Last Hour 28,038 ms
Required Lookup Value is 127.0.0.2 (not enabled)
Bitmap checking not enabled.

Right now "Avg.Time" column shows 2,582 ms
I use: URIBL:SEM-FRESH15 (is that correct?)
0
Ah, well that is why I was asking: this important feature was removed from SM16 and now we cannot see at all how the various RBLs we have setup are performing. Thanks for confirming you`re on SM15
0
Rodrigo Araujo Replied
Hello,

yes, you can use URIBL:
https://spameatingmonkey.com/services

Best Regards,

[]´s Rodrigo Araujo
www.ITMNETWORKS.com.br

Reply to Thread