2
SPAM problems - Block domains
Question asked by Raul Morales - 10/15/2019 at 2:14 PM
Unanswered
Hi,

There are several spammers that are sending emails from similar domain names, all ending in .monster
Where in SM 16 can I block this domain (e.g. *.monster) for ALL domains hosted in the server? Any other suggestions on how to deal with this?

Thanks!!!

11 Replies

0
Kyle Kerst Replied
Employee Post
You can set this up under Settings>Security>SMTP Blocks where you can add a block for the Email Address/Domain and/or the EHLO domain if they're all coming from a similar server. You could also set up a custom spam check under Settings>Antispam>Spam Checks that will assign a higher spam weight to messages coming from any domain ending in .monster.
Kyle Kerst IT Coordinator SmarterTools Inc. www.smartertools.com
0
Raul Morales Replied
Kyle,

Thanks for your reply. I have successfully created a Settings>Security>SMTP Blocks entry. But, for some reason, I haven't been able to create a new rule in Spam Checks... I hit the NEW button, give it a RULE NAME, in the RULE SOURCE I choose BODY, in the next RULE SOURCE I choose "Contains", in the RULE TEXT I write the words (e.g.: fly airplanes), then choose a weight of 30, and keep Match Multiple, Enable Spool Filtering and Enable Outgoing SMTP Blocking disabled, and finally I save the Custom Rule, but it doesn't show in the list of SPAM CHECKS. What am I doing wrong? Please advise.

Thanks again... 
0
Kyle Kerst Replied
Employee Post
Raul, you're very welcome, happy to help! For this issue (adding spam checks) I may need to take a closer look at that to know for sure. Can you submit a support ticket?
Kyle Kerst IT Coordinator SmarterTools Inc. www.smartertools.com
0
Jill Stevens Replied
I'm having the same problem .... hundreds of spam today alone from *.best, *.monster and *.icu. I've tried Kyle's suggestion: admin level, Settings>Security>SMTP Blocks but SMTP Blocks is requiring a full domain or email address (when entering *.icu = "This is not a valid domain or email address".)  therefore this solution cannot be enabled. Any other suggestions? I'd appreciate any help!!
0
Linda Pagillo Replied
Hi! Are any of you with this issue using Declude? If yes, you can use it to block these domains. It won't block them at the SMTP level, but it will block the spam messages from being delivered to your users.
Linda Pagillo Mail's Best Friend Email: linda.pagillo@mailsbestfriend.com Web: www.mailsbestfriend.com Authorized SmarterTools Reseller Authorized Message Sniffer Reseller
0
Raul Morales Replied
Hi Linda! I'm using DECLUDE. How do you configure Declude to block domains? What's the proper syntax?

Thanks,

Raúl
2
Reto Replied
We filter out these TLDs with a custom Rule in the Antispam Settings, so they at least go properly into junk folder.
The settings are:

Rule Name: Block Spam TLD
Rule Source: Header
Header: Return-Path
Rule Source: Regular Expression
Rule Text:  
.+\.icu>$
.+\.top>$
.+\.xyz>$
.+\.gdn>$
.+\.best>$

Weight: 30
Enable Spool Filtering: Active
Enable Outgoing SMTP Blocking: Active

0
Linda Pagillo Replied
Raul, to use Declude to block mail from these domains, you need to create a filter. A filter is a simple text file which contains lines to stop these. Here are 2 different examples of what you can add to your filter depending on what you need...

The example lines below, if used in a filter, will block all TLDs with more than 5 characters...

MAILFROM 0 PCRE (?i:\.[a-z]{5,}$)
REVDNS 0 PCRE (?i:\.[a-z]{5,}$)
HELO 0 PCRE (?i:\.[a-z]{5,}$)

The example lines below, if used in a filter, will block the 3 TLDs that were discussed in this thread...

MAILFROM    0    PCRE    (?i:\.(win|icu|best)$)
REVDNS    0    PCRE    (?i:\.(win|icu|best)$)
HELO    0    PCRE    (?i:\.(win|icu|best)$)

What you need to do to use either of these examples is open a Notepad file and copy/paste the lines in. Save the file to your Declude\Filters directory. You can call it anything you like. For this example we will call it FILTER_TLD.txt.

Once you do that, open your global.cfg file which is in the Declude directory and scroll down to the filters section. You will see lines for other filters. What you need to do is add a line for this filter. It should look like this...

FILTER_TLD        filter    [PATH]\Declude\filters\FILTER_TLD.txt        x    0    0

Be sure to change the [PATH] to the path of your filters directory. For example, if you have Declude installed to your C drive, your line would look like this...

FILTER_TLD        filter    C:\Smartermail\Declude\filters\FILTER_TLD.txt        x    0    0

Next, open your $default$.junkmail file which is in your Declude directory. Add the following line...

FILTER_TLD    DELETE

This will cause any mail which triggers the filter to be deleted. 

Please be aware that you do not need to delete these messages if you do not want them. You can hold them, re-route them, etc... At the top of the $default$.junkmail file you will see the different options you can use.

I hope this helps. Please let me know if you have any further questions. Thanks!

Linda Pagillo Mail's Best Friend Email: linda.pagillo@mailsbestfriend.com Web: www.mailsbestfriend.com Authorized SmarterTools Reseller Authorized Message Sniffer Reseller
1
Raul Morales Replied
Thank you so much, Linda!!! You rock.

Raúl 
0
Linda Pagillo Replied
My pleasure Raul :)
Linda Pagillo Mail's Best Friend Email: linda.pagillo@mailsbestfriend.com Web: www.mailsbestfriend.com Authorized SmarterTools Reseller Authorized Message Sniffer Reseller
1
Patrick Mattson Replied
I am going to try incorporating Linda's idea, but to add to Reto I have the following:

.+\.accounting>$
.+\.bid>$
.+\.best>$
.+\.click>$
.+\.club>$
.+\.country>$
.+\.cricket>$
.+\.date>$
.+\.download>$
.+\.faith>$
.+\.fun>$
.+\.gdn>$
.+\.host>$
.+\.icu>$
.+\.loan>$
.+\.asia>$
.+\.men>$
.+\.online>$
.+\.party>$
.+\.review>$
.+\.science>$
.+\.space>$
.+\.stream>$
.+\.study>$
.+\.top>$
.+\.trade>$
.+\.webcam>$
.+\.website>$
.+\.win>$
.+\.work>$
.+\.xyz>$
.+\.zw>$
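
Added example, not part of any post in this thread: a small harness for trying the Return-Path rule text and the Declude PCRE lines quoted above against sample sender values before deploying them. It assumes each rule-text line is applied as its own regex and that Declude tests the bare address; Python's `re` stands in for the mail server's regex engine, whose matching options may differ, and all sample addresses are constructed.

```python
import re

# SmarterMail-style rule text from the thread, one pattern per line.
# Assumption: each line is applied as its own regex to the Return-Path value.
RETURN_PATH_RULE = r"""
.+\.icu>$
.+\.top>$
.+\.xyz>$
.+\.gdn>$
.+\.best>$
"""

# Declude-style PCRE lines from the thread.
# Assumption: they are tested against the bare address, without angle brackets.
DECLUDE_TLD_LIST = r"(?i:\.(win|icu|best)$)"
DECLUDE_LONG_TLD = r"(?i:\.[a-z]{5,}$)"

# Constructed sample values, not taken from real mail.
RETURN_PATHS = [
    "<bounce@promo-sample.icu>",     # listed TLD, usual header form
    "<bounce@promo-sample.ICU>",     # same TLD in upper case
    "bounce@promo-sample.icu",       # no angle brackets
    "<bounce@promo-sample.icu> ",    # trailing space after '>'
    "<news@shop-sample.monster>",    # TLD from the question, not in the list
    "<user@example.com>",            # ordinary sender
]
ENVELOPE_SENDERS = [
    "bounce@promo-sample.ICU",
    "news@shop-sample.monster",
    "user@example.email",            # five-letter TLD
    "user@example.com",
]

def compile_rule(rule_text):
    """Compile each non-empty line of a rule text as a separate pattern."""
    return [re.compile(l.strip()) for l in rule_text.splitlines() if l.strip()]

def audit(patterns, samples):
    """Map each sample to the list of pattern strings that fire on it."""
    return {s: [p.pattern for p in patterns if p.search(s)] for s in samples}

if __name__ == "__main__":
    for name, pats, samples in [
        ("Return-Path rule", compile_rule(RETURN_PATH_RULE), RETURN_PATHS),
        ("Declude TLD list", compile_rule(DECLUDE_TLD_LIST), ENVELOPE_SENDERS),
        ("Declude long TLD", compile_rule(DECLUDE_LONG_TLD), ENVELOPE_SENDERS),
    ]:
        print(name)
        for sample, hits in audit(pats, samples).items():
            print(f"  {'HIT ' if hits else 'miss'} {sample!r}")
```

Misses on the upper-case, bracket-less and trailing-space samples show where the `>$` anchor depends on the exact header form, and the `.monster` sample shows which of the quoted rules cover the TLD from the original question.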
