How to Block Zero Day Domain Spam
Question asked by Scott Hendrickson - November 9, 2017 at 2:28 PM
Unanswered
Hi Everyone! 
 
We're getting a ton of spam from domains that have been registered VERY early in the morning on the same day it's being received. Much of it is being thrown into users' junk email folders because they're new TLDs, and we have a rule that junks a LOT of the new TLDs. However, I'd really like to be able to just block (at SMTP time) messages from domains that have been registered within 24 or 48 hours of when we're receiving them. Anybody have any ideas?
 
Thanks! 
Scott Hendrickson
SOS4Net, Inc.
Centennial, CO. U.S.A.

6 Replies

0
Rod Lasky Replied
Employee Post
Hi Scott.  MessageSniffer is pretty good at weeding out Snowshoe/Zero-Day spam.  I would start a trial of it in Settings >> Antispam.
Rod Lasky
Technical Support Specialist
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Scarab Replied
Blocking NODs (Newly Observed Domains) can be done in SmarterMail using RBLs that track new domains and setting those RBLs for SMTP Blocking.

You may want to see https://portal.smartertools.com/community/a89311/blocking-all-email-from-domains-less-than-a-week-old.aspx for details on using RBLs that list NODs and setting them up in SmarterMail's Anti-Spam settings for SMTP Blocking.
0
Thanks, Rod.  I'll keep MessageSniffer in mind, but I'm not ready to shuck out the bucks for that yet.
 
Thanks for the SEM suggestion, Scarab. I got all excited about that one for a minute. Unfortunately, according to https://spameatingmonkey.com/services/SEM-FRESH, it's a URIBL, not an RBL. That means it can't be used for Incoming SMTP Blocking, which really is where it's most needed.
 
So does anyone know of any actual RBLs that are useful for zero day domain (or Newly Observed Domains) spam blocking?
Scott Hendrickson
SOS4Net, Inc.
Centennial, CO. U.S.A.
0
Hi Scott. I'm not trying to gain anything here, I'm simply trying to answer your question. We offer a paid RBL which you can use at the SMTP connection level which combats Snowshoe/Zero-Day spam. The cost is $10 per month and I can give you a free trial if you wish. It works really well. If you are interested, please contact me directly at the email address in my signature. Thanks.
Linda Pagillo
Mail's Best Friend
Email: linda.pagillo@mailsbestfriend.com
Web: www.mailsbestfriend.com
Office: 703.988.3606

Authorized Reseller of SmarterTools Products
Authorized Reseller of Message Sniffer
0
Hi Linda:

After I wrote my last reply, I started thinking that it might not even be possible for an RBL to contain this type of info, at least not at the time it's truly needed. The domains I've checked that were registered the same morning were registered around 5 or 6am GMT, which I think is around 11 or midnight the night before in my time zone (MST). How can you guys, or any other RBL for that matter, get this info that fast? In order to really combat zero day domain spam, it seems like there would need to be a separate mechanism within SmarterMail that could do something like parse the domain's creation date from a WHOIS query.

Scott
Scott Hendrickson
SOS4Net, Inc.
Centennial, CO. U.S.A.
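
The WHOIS creation-date check Scott describes above, sketched as an added example that is not part of the original thread and not a SmarterMail feature. It assumes the WHOIS response text has already been fetched for the sender's domain; the function names, the 48-hour default and the sample response are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Creation-date labels differ between registries; this list is illustrative.
CREATED_RE = re.compile(
    r"^[ \t]*(?:Creation Date|Created On|Created|Registered On)[ \t]*:[ \t]*(\S.*?)[ \t]*$",
    re.IGNORECASE | re.MULTILINE,
)
DATE_FORMATS = (
    "%Y-%m-%dT%H:%M:%S%z",     # 2017-11-09T05:42:10Z
    "%Y-%m-%dT%H:%M:%S.%f%z",  # with fractional seconds
    "%Y-%m-%d %H:%M:%S",       # no offset given
    "%Y-%m-%d",
    "%d-%b-%Y",                # 09-Nov-2017
)

def creation_date(whois_text):
    """Return the registration time as an aware UTC datetime, or None."""
    match = CREATED_RE.search(whois_text)
    if match is None:
        return None
    for fmt in DATE_FORMATS:
        try:
            parsed = datetime.strptime(match.group(1), fmt)
        except ValueError:
            continue
        if parsed.tzinfo is None:  # assumption: offset-less dates are UTC
            return parsed.replace(tzinfo=timezone.utc)
        return parsed.astimezone(timezone.utc)
    return None

def smtp_verdict(whois_text, received_at, min_age=timedelta(hours=48)):
    """'reject' if the sender domain is younger than min_age, else 'accept'."""
    created = creation_date(whois_text)
    if created is None:
        return "accept"  # fail open: redacted, unparsable or failed lookup
    return "reject" if received_at - created < min_age else "accept"

# Constructed sample response; the domain and registrar are made up.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-FRESH.TEST
Registrar: Example Registrar
Creation Date: 2017-11-09T05:42:10Z
Registry Expiry Date: 2018-11-09T05:42:10Z
"""

if __name__ == "__main__":
    received = datetime(2017, 11, 9, 21, 28, tzinfo=timezone.utc)
    print(creation_date(SAMPLE_WHOIS), smtp_verdict(SAMPLE_WHOIS, received))
```

Failing open when no date can be parsed keeps a WHOIS outage or a redacted record from bouncing legitimate mail.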
0
Scott, there is a reason why it's a private RBL ;) We have had great success combating Snowshoe/Zero-Day spam with this RBL. It takes care of 95% or more of this type of spam. If you would like to give it a try, please contact me directly. Thanks again.
Linda Pagillo
Mail's Best Friend
Email: linda.pagillo@mailsbestfriend.com
Web: www.mailsbestfriend.com
Office: 703.988.3606

Authorized Reseller of SmarterTools Products
Authorized Reseller of Message Sniffer
