North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Re: ICANN opens up Pandora's Box of new TLDs
- From: Marshall Eubanks
- Date: Sat Jun 28 09:48:43 2008
On Jun 28, 2008, at 6:48 AM, Rich Kulawiec wrote:
On Fri, Jun 27, 2008 at 01:40:03PM -0700, David Conrad wrote:
On Jun 27, 2008, at 5:22 AM, Alexander Harrowell wrote:
Well, at least the new TLDs will promote DNS-based cruft filtration.
You can
already safely ignore anything with a .name, .biz, .info, .tv
suffix,
to
name just the worst.
Does this actually work? The vast majority of spam I receive has an
origin that doesn't reverse map.
Best practice is refuse all mail that comes from any host lacking
rDNS,
since that host doesn't meet the minimum requirements for a mail
server.
After that, other sanity checks (such as matching forward DNS, valid
HELO,
proper wait for SMTP greeting, etc.) also knock out a good chunk of
spam.
Yes, some of these also impact non-spamming but broken mail servers,
however, this is usually the only way to get the attention of their
operators and persuade them to effect repairs.
Beyond that, blocking of various gTLDs and ccTLDs and network
allocations
works nicely, depending on what your particular mix of inbound spam/
not-spam
is. Understanding of your own inbound mail mix is crucial to deciding
which ones are viable for your operation. Locally, I've had .cn
and .kr
along with their entire network allocations blacklisted for years, and
this has worked nicely; but clearly it wouldn't work well for, say,
a major US research university.
Locally, .name, .info and .tv are permanently blacklisted, and I
recommend
this to others: they're all heavily spammer-infested. .biz is not
blacklisted at the moment, largely because it's been so badly ravaged
that spammers *appear* to be abandoning it.
Hmm. Looking at the recent spam collection plus email archive for the
accounts I host for
SPAM (recent messages only)
13864 messages - 57 from .info rate = 0.4 %
13864 messages - 8761 from .com rate = 63.1 %
Non-SPAM (going back ~ two years)
122846 messages - 607 from .info - rate = 0.5 %
122846 messages - 71888 from .com - rate = 58.5 %
I don't see any strong reason to drop .info traffic here.
Note, btw, that at least Joe Abley, Andrew Sullivan and Brian Dickson
post to NANOG repeatedly from .info
Regards
Marshall
---Rsk
|