North American Network Operators Group


Re: ICANN opens up Pandora's Box of new TLDs

  • From: Marshall Eubanks
  • Date: Sat Jun 28 09:48:43 2008


On Jun 28, 2008, at 6:48 AM, Rich Kulawiec wrote:


On Fri, Jun 27, 2008 at 01:40:03PM -0700, David Conrad wrote:

On Jun 27, 2008, at 5:22 AM, Alexander Harrowell wrote:
Well, at least the new TLDs will promote DNS-based cruft filtration. You can
already safely ignore anything with a .name, .biz, .info, .tv suffix, to
name just the worst.

Does this actually work? The vast majority of spam I receive has an origin that doesn't reverse map.

Best practice is refuse all mail that comes from any host lacking rDNS,
since that host doesn't meet the minimum requirements for a mail server.


After that, other sanity checks (such as matching forward DNS, valid HELO,
proper wait for SMTP greeting, etc.) also knock out a good chunk of spam.


Yes, some of these also impact non-spamming but broken mail servers,
however, this is usually the only way to get the attention of their
operators and persuade them to effect repairs.

Beyond that, blocking of various gTLDs and ccTLDs and network allocations
works nicely, depending on what your particular mix of inbound spam/not-spam
is. Understanding of your own inbound mail mix is crucial to deciding
which ones are viable for your operation. Locally, I've had .cn and .kr
along with their entire network allocations blacklisted for years, and
this has worked nicely; but clearly it wouldn't work well for, say,
a major US research university.


Locally, .name, .info and .tv are permanently blacklisted, and I recommend
this to others: they're all heavily spammer-infested. .biz is not
blacklisted at the moment, largely because it's been so badly ravaged
that spammers *appear* to be abandoning it.

Hmm. Looking at the recent spam collection plus email archive for the accounts I host for


SPAM (recent messages only)

13864 messages -   57 from .info rate =  0.4 %
13864 messages - 8761 from  .com rate = 63.1 %

Non-SPAM (going back ~ two years)

122846 messages -   607 from .info - rate = 0.5 %
122846 messages - 71888 from .com  - rate = 58.5 %

I don't see any strong reason to drop .info traffic here.

Note, btw, that at least Joe Abley, Andrew Sullivan and Brian Dickson post to NANOG repeatedly from .info

Regards
Marshall



---Rsk
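
The connection-time checks described in the thread (rDNS present, matching forward DNS, valid HELO), sketched as an added example that is not part of the original messages or any poster's code. The function names, the reading of "valid HELO" as a dotted name that resolves or a literal of the client's own address, and the zone data are assumptions constructed for illustration; the SMTP greeting-delay check is not covered.

```python
import ipaddress
import socket

def ptr_names(ip):
    """Live PTR lookup; [] when the address has no reverse mapping."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def forward_addrs(name):
    """Live A/AAAA lookup; empty set when the name does not resolve."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def check_client(ip, helo, ptr=ptr_names, fwd=forward_addrs):
    """Return (verdict, reason) for a connecting SMTP client."""
    client = ipaddress.ip_address(ip)
    resolves_to_client = lambda n: any(ipaddress.ip_address(a) == client for a in fwd(n))
    names = [n.rstrip(".").lower() for n in ptr(ip)]
    if not names:
        return ("reject", "no rDNS")
    if not any(resolves_to_client(n) for n in names):
        return ("reject", "rDNS does not match forward DNS")
    helo = helo.strip().rstrip(".").lower()
    if helo.startswith("[") and helo.endswith("]"):
        # Address literal (IPv4 form only here): must be the client's own address.
        try:
            helo_ok = ipaddress.ip_address(helo[1:-1]) == client
        except ValueError:
            helo_ok = False
    else:
        # Assumed meaning of "valid HELO": a dotted name that resolves.
        helo_ok = "." in helo and bool(fwd(helo))
    if not helo_ok:
        return ("reject", "invalid HELO")
    return ("accept", "passed rDNS, forward DNS and HELO checks")

# Constructed zone data (documentation address ranges) so the demo runs offline.
PTR = {"192.0.2.10": ["mail.example.org."], "198.51.100.7": ["host7.example.net."]}
FWD = {"mail.example.org": {"192.0.2.10"}, "host7.example.net": {"198.51.100.99"}}
fake_ptr = lambda ip: PTR.get(ip, [])
fake_fwd = lambda name: FWD.get(name, set())

if __name__ == "__main__":
    for ip, helo in [("192.0.2.10", "mail.example.org"), ("203.0.113.5", "mail.example.org"),
                     ("198.51.100.7", "host7.example.net"), ("192.0.2.10", "localhost")]:
        print(ip, helo, check_client(ip, helo, fake_ptr, fake_fwd))
```

Calling `check_client(ip, helo)` without the last two arguments uses the live resolver instead of the constructed tables.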