Block ICU
Question asked by John Marx - July 19 at 12:40 PM
Answered
In our headers 90% of all spam is coming from .ICU domains. How can we prevent? Declude cannot be an option as we are on the latest version of SmarterMail.

Received: from harmonyrational.icu (hostmaster.netbudur.com [193.31.119.173])  

4 Replies

3
Steve Norton Replied
I use a four-pronged attack on high probability domains via custom filters:
  1. Rule Name: .ico
    Rule Source: Body
    Rule Source: Contains
    Rule Text:  .icu/
                    .icu"
                    .icu "
  2. Rule Name: Return-Path
    Rule Source: Header
    Header: Return-Path
    Rule Source: Contains
    Rule Text:  ..excerpt from long list..
                .hk>
                .host>
                .hu>
                .icu>
                .id>
                .in>
                .ir>
                ..excerpt from long list..
  3. Rule Name: MAIL FROM
    Rule Source: Header
    Header: From
    Rule Source: Contains
    Rule Text:  ..excerpt from long list..
                .hk>
                .host>
                .hu>
                .icu>
                .id>
                .in>
                .ir>
                ..excerpt from long list..
  4. Rule Name: Received domain high
    Rule Source: Header
    Header: Received
    Rule Source: Contains
    Rule Text:  ..excerpt from long list..
                .hu]
                .icu [
                .icu (
                .icu?)
                .icu]
                .id [
                ..excerpt from long list..
    Let me know if providing the JSON would be better.
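
To check which of the four rules above would fire on a message before adding them to the server, here is an added example (not part of the original post, and not SmarterMail's own code) that applies the same "Contains" texts in Python. The sample messages are constructed, and the case-insensitive, fold-tolerant matching is an assumption about how the rule engine compares text.

```python
from email import message_from_string

# The four rules from the post, reduced to the .icu entries shown there:
# (rule name, header to inspect or None for the body, "Contains" texts).
RULES = [
    (".ico", None, [".icu/", '.icu"', '.icu "']),
    ("Return-Path", "Return-Path", [".icu>"]),
    ("MAIL FROM", "From", [".icu>"]),
    ("Received domain high", "Received",
     [".icu [", ".icu (", ".icu?)", ".icu]"]),
]

def fired_rules(raw_message):
    """Return the names of the rules that match, in rule order."""
    msg = message_from_string(raw_message)
    hits = []
    for name, header, needles in RULES:
        if header is None:
            texts = [msg.get_payload()]  # samples are single-part text
        else:
            # A message has one Received header per hop: check each one.
            texts = msg.get_all(header, [])
        # Assumption: matching ignores case and header line folding.
        texts = [" ".join(t.lower().split()) for t in texts]
        if any(n in t for n in needles for t in texts):
            hits.append(name)
    return hits

# Constructed samples. Only the harmonyrational.icu Received line
# comes from the thread; every other header and body is made up.
SPAM = """\
Return-Path: <bounce@harmonyrational.icu>
Received: from relay.example (relay.example [192.0.2.25])
Received: from harmonyrational.icu (hostmaster.netbudur.com [193.31.119.173])
From: "Offers" <news@harmonyrational.icu>
Subject: constructed sample

Visit http://harmonyrational.icu/ today
"""
HAM = """\
Return-Path: <nurse@hospital.example>
Received: from mail.hospital.example (mail.hospital.example [192.0.2.10])
From: "Ward" <nurse@hospital.example>
Subject: constructed sample

The ICU rota is attached; see icu.hospital.example for details.
"""

if __name__ == "__main__":
    print(fired_rules(SPAM))
    print(fired_rules(HAM))
```

The trailing delimiters in each rule text (`>`, `/`, ` (`, `]`) are what keep the second sample, which mentions "ICU" and an `icu.` hostname, from matching.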


0
John Marx Replied
I am missing something, Steve. I see where I can do some filtering at the domain level. I know I can do at the user level. I have no problem creating the first and then exporting and doing for all users. I just don't see where to do this as there is no import/export option for wherever I am looking. I don't see an area on the spam settings (server wide) that would allow this either.

Although I know I want to block all of these at times I could see not wanting that and it would be a domain level type of setting.
1
Steve Norton Replied
Sorry, I've said 'custom filters' rather than Antispam 'custom rules', which may have confused you?
0
Rod Lasky Replied
Employee Post Marked As Answer
Hi John.  At the system level, you can go to Settings >> Security >> SMTP Blocks.  Add a domain block for *.icu
Rod Lasky
Technical Support Specialist
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
