Blocking all email from domains less than a week old

Question asked by Curtis Kropar www.HawaiianHope.org - 7/11/2017 at 10:29 AM

Answered

It has been discussed before, but i cant remember the thread.

I remember one of the responses saying "it would reduce the speed of email delivery"

Well, I and all of our clients would be perfectly happy with that. It would eliminate about 90+% of all of the spam we get and then in realty probably actually increase the speed of email delivery as the server could now focus on actual important stuff, and ignore the parasites and cockroaches of the world.

Is there or can we PLEASE make a way to block any connection form a domain that is less than XX hours or days old.

www.HawaiianHope.org - Providing technology services to non profit organizations, low income families, homeless shelters, clean and sober houses and prisoner reentry programs. Since 2015, We have refurbished over 11,000 Computers !

19 Replies

Reply to Thread

Scarab Replied

7/11/2017 at 11:52 AM

Marked As Answer

Blocking NODs (Newly Observed Domains) can be done in Smartermail using RBLs that track new domains and setting those RBLs for SMTP Blocking.

The following RBLs check for NODs:

SEM-FRESH — Domains registered in the last 5 days
SEM-FRESH10 — Domains registered in the last 10 days
SEM-FRESH15 — Domains registered in the last 15 days
SEM-FRESH30 — Domains registered in the last 30 days
DAY OLD BREAD -- Domains registered in the last 5 days (requires Registration to use their DNSRBL)

Pick the one(s) with the highest threshold you are willing to tolerate and set it in your SmarterMail Antispam settings.

Just a note that Spam Eating Monkeys (SEM) tend to be slow on picking up new TLDs, so you'll still see Spam from new domains such as .CLUB, .CLICK, .DATE, .DOWNLOAD, .MEN, .NINJA, .PARTY, .REVIEW, .ROCKS, .SCIENCE, .SPACE, .STREAM, .TOP, .WIN, .WORK, .XYZ, .ZIP come through but these you can easily just block with a Custom Rule as I have yet to see any legitimate email come from these new TLDs, but it is good at catching the traditional TLDs (especially the .US ones that seem most commonly used by NODs these days).

Curtis Kropar www.HawaiianHope.org Replied

7/11/2017 at 2:14 PM

DUDE !

You are my hero today !

Ok, sorry not to sound stupid, but how do i do that ?

I read over the info and went and looked at my smartermail and cant figure out exactly where I plug that in.

Employee Replied

7/11/2017 at 4:40 PM

Employee Post

Hey Curtis!

Your antispam settings can be found by logging in as the System Administrator. Click on the Settings icon and then select Antispam from the navigation pane. On the URIRBL Lists tab, you can click New to create these checks. In the modal window, the settings listed below will be available. I don't know the exact configuration to apply, but I took some guesses based on the URIRBLs showing in my test installation and the configuration details shown at the Spam Eating Monkey link, and here's an example.

Name - SEM-FRESH

Description - Domains registered in the last 5 days

Weight -

Max Weight -

Hostname - fresh.spameatingmonkey.net

Required Lookup Values - 127.0.0.2

Enable Outgoing SMTP Blocking

For Outgoing SMTP Blocking to work, you need to also enable this functionality on Options tab of your Antispam settings. On the SMTP Blocking card, you'll find Outgoing Weight Threshold. Enable this and adjust the threshold as needed. Messages sent via SMTP will be rejected if the total weight for spam checks that have been enabled for Outgoing SMTP Blocking meet or exceed this threshold. Here's a KB explaining Outgoing SMTP Blocking in more detail: https://portal.smartertools.com/kb/a2661/configure-smtp-blocking-to-prevent-outgoing-spam.aspx.

Scarab, care to make any corrections or suggest some weight values?

Curtis Kropar www.HawaiianHope.org Replied

7/11/2017 at 6:02 PM

Thanks.

We are on Version 14.4.5801

Location is slightly differnet (not in the settings)

What is "Enable bitmap checking" ?

Richard Frank Replied

7/12/2017 at 2:17 AM

Select this check box if the RBL supports bitmapping. Bitmap checking can be used for RBL’s and URIBL’s that support this kind of spam check. For example, SURBL utilizes a multi-blacklist check. For more information and documentation on the appropriate usage, please visit www.surbl.org/lists.

So you need to read the site of the dnsbl provider if their check includes bitmap checking

Curtis Kropar www.HawaiianHope.org Replied

7/12/2017 at 12:13 PM

Thanks. I read the help info. Sorry, still don't really understand that. Is it literally checking a "bitmap" image like a BMP, JPG or something ?

Curtis Kropar www.HawaiianHope.org Replied

7/13/2017 at 12:14 AM

Ok, So that is pretty awesome. I can already see a difference.

Next question,

I see these are now all headed to the Junk folder. Is there a way to get the server to just reject the connections completely ? or reject the emails completely. to tell the connecting server to "F off" I don't even want these going to the junk folder. Dont want our server to even have to deal with them.

Is there any way that is possible ?

Richard Frank Replied

7/13/2017 at 1:03 AM

to block the connections put a check mark with Enable for incoming SMTP blocking. the value will add for incoming weight Treshold on the tab SMTP blocking

Richard Frank Replied

7/13/2017 at 1:20 AM

I think we need some elaboration from SmarterTools here. I don't use it. Searching for info with Google takes too long to find something usefull

Curtis Kropar www.HawaiianHope.org Replied

7/13/2017 at 7:26 AM

the check box on that is marked "N/A" and is greyed out.

Ionel Aurelian Rau Replied

7/18/2017 at 12:39 AM

Hi all,

Just wanted to chime in to thank Scarab for the idea with the SEM-FRESH RBLs - these are really useful (using SM v16.0.6397).

Richard Frank Replied

7/18/2017 at 12:56 AM

true.. only dnsbl can add to smtp blocking
to block on header fields you'll have to receive the mail first to analyze it.

Lennart Eliasson Replied

7/18/2017 at 8:51 PM

When I add this the Avg.Time shows 4,282 ms

I suppose that will slow down the server, right?

Lennart Eliasson Replied

7/18/2017 at 8:53 PM

Now it raised to 15,460 ms

Ionel Aurelian Rau Replied

7/19/2017 at 12:29 AM

Can you please let me know what Avg. Time you mean? SM 15 showed the response time for the RBL lookups, but SM 16 no longer has this feature - is this what you meant?

Sean Middlemore Replied

7/19/2017 at 1:09 AM

I'm getting 76ms but that said our server is in the UK. :)

Lennart Eliasson Replied

7/19/2017 at 2:42 AM

I mean value showed in column "Avg. Time"
For now I have SM 15.6
I disabled it and then later enabled it again.
Same thing happened.
First 3,429 ms then (when I edit):
Last 5 Minutes 3,696 ms
Last 15 Minutes 11,287 ms
Last Hour 28,038 ms
Required Lookup Value is 127.0.0.2 (not enabled)
Bitmap checking not enabled.

Right now "Avg.Time" column shows 2,582 ms
I use: URIBL:SEM-FRESH15 (is that correct?)

Ionel Aurelian Rau Replied

7/19/2017 at 2:54 AM

Ah, well that is why I was asking: this important feature was removed from SM16 and now we cannot see at all how the various RBLs we have setup are performing. Thanks for confirming you`re on SM15