How to Block Zero Day Domain Spam
Question asked by Scott Hendrickson - 11/9/2017 at 2:28 PM
Hi Everyone! 
We're getting a ton of spam from domains that have been registered VERY early in the morning on the same day it's being received. Much of it is being thrown into users' junk email folders because they're new TLDs, and we have a rule that junks a LOT of the new TLDs. However, I'd really like to be able to just block (at SMTP time) messages from domains that have been registered within 24 or 48 hours of when we're receiving them. Anybody have any ideas?
Scott Hendrickson
SOS4Net, Inc.
Centennial, CO. U.S.A.

6 Replies

Employee Replied
Hi Scott.  MessageSniffer is pretty good at weeding out Snowshoe/Zero-Day spam.  I would start a trial of it in Settings >> Antispam.
Scarab Replied
Blocking NODs (Newly Observed Domains) can be done in SmarterMail using RBLs that track new domains and setting those RBLs for SMTP Blocking.
You may want to see https://portal.smartertools.com/community/a89311/blocking-all-email-from-domains-less-than-a-week-old.aspx for details on using RBLs that list NODs and setting them up in SmarterMail's Anti-Spam settings for SMTP Blocking.
Scott Hendrickson Replied
Thanks, Rod.  I'll keep MessageSniffer in mind, but I'm not ready to shuck out the bucks for that yet.
Thanks for the SEM suggestion, Scarab. I got all excited about that one for a minute. Unfortunately, according to https://spameatingmonkey.com/services/SEM-FRESH, it's a URIBL, not an RBL. That means it can't be used for Incoming SMTP Blocking, which really is where it's most needed.
So does anyone know of any actual RBLs that are useful for zero day domain (or Newly Observed Domains) spam blocking?
Scott Hendrickson
SOS4Net, Inc.
Centennial, CO. U.S.A.
Linda Pagillo Replied
Hi Scott. I'm not trying to gain anything here, I'm simply trying to answer your question. We offer a paid RBL which you can use at the SMTP connection level which combats Snowshoe/Zero-Day spam. The cost is $10 per month and I can give you a free trial if you wish. It works really well. If you are interested, please contact me directly at the email address in my signature. Thanks.
Linda Pagillo
Mail's Best Friend
Email: linda.pagillo@mailsbestfriend.com
Web: www.mailsbestfriend.com
Office: 703.988.3606
Authorized Reseller of SmarterTools Products
Authorized Reseller of Message Sniffer
Scott Hendrickson Replied
Hi Linda:

After I wrote my last reply, I started thinking that it might not even be possible for an RBL to contain this type of info, at least not at the time it's truly needed. The domains I've checked that were registered the same morning were registered around 5 or 6am GMT, which I think is around 11 or midnight the night before in my time zone (MST). How can you guys, or any other RBL for that matter, get this info that fast? In order to really combat zero day domain spam, it seems like there would need to be a separate mechanism within SmarterMail that could do something like parse the domain's creation date from a WHOIS query.

Scott Hendrickson
SOS4Net, Inc.
Centennial, CO. U.S.A.
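
Added example, not part of the thread and not a SmarterMail feature: a sketch of the WHOIS creation-date check described in the post above, deciding at SMTP time whether a sender domain is younger than 48 hours. The function names, the fail-open policy for missing dates and the sample WHOIS text are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Registries label the field differently; these are common labels, not a complete list.
CREATED_RE = re.compile(
    r"^[ \t]*(?:Creation Date|Created On|Created|Registered on)[ \t]*:[ \t]*(\S.*?)[ \t]*$",
    re.IGNORECASE | re.MULTILINE)
DATE_FORMATS = ("%Y-%m-%dT%H:%M:%S%z", "%Y-%m-%dT%H:%M:%S.%f%z",
                "%Y-%m-%d %H:%M:%S", "%Y-%m-%d", "%d-%b-%Y")

def parse_creation_date(whois_text):
    """Return the earliest creation timestamp in the WHOIS text (UTC), or None."""
    found = []
    for raw in CREATED_RE.findall(whois_text):
        for fmt in DATE_FORMATS:
            try:
                dt = datetime.strptime(raw, fmt)
            except ValueError:
                continue
            if dt.tzinfo is None:          # values without an offset are treated as UTC
                dt = dt.replace(tzinfo=timezone.utc)
            found.append(dt.astimezone(timezone.utc))
            break
    return min(found) if found else None

def smtp_decision(whois_text, now, min_age=timedelta(hours=48)):
    """Return (action, reason) for a sender domain, given its WHOIS text."""
    created = parse_creation_date(whois_text)
    if created is None:
        # Redacted, rate-limited or unrecognised output: fail open (policy assumption).
        return ("accept", "no creation date found")
    age = now - created
    if age < min_age:
        hours = int(age.total_seconds() // 3600)
        return ("reject", f"550 sender domain registered {hours}h ago")
    return ("accept", f"domain age {age.days} days")

# Constructed sample WHOIS responses (not real lookups).
FRESH_WHOIS = """Domain Name: EXAMPLE-FRESH.TEST
Creation Date: 2017-11-09T05:30:00Z
Registry Expiry Date: 2018-11-09T05:30:00Z
"""
OLD_WHOIS = """domain: example-old.test
created: 2015-03-01
"""

if __name__ == "__main__":
    now = datetime(2017, 11, 9, 21, 28, tzinfo=timezone.utc)  # constructed receive time
    for name, text in (("fresh", FRESH_WHOIS), ("old", OLD_WHOIS), ("none", "No match")):
        print(name, smtp_decision(text, now))
```

A date-only value such as `created: 2015-03-01` is read as midnight UTC, so it gives only day-level precision against a 24 or 48 hour threshold.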
Linda Pagillo Replied
Scott, there is a reason why it's a private RBL ;) We have had great success combating Snowshoe/Zero-Day spam with this RBL. It takes care of 95% or more of this type of spam. If you would like to give it a try, please contact me directly. Thanks again.
Linda Pagillo
Mail's Best Friend
Email: linda.pagillo@mailsbestfriend.com
Web: www.mailsbestfriend.com
Office: 703.988.3606
Authorized Reseller of SmarterTools Products
Authorized Reseller of Message Sniffer
