163.com (as well as 126.com which you don't have listed) is a bit of a special case. It's a Chinese site that offers free email address as well as a very popular portal site - think of it as the Chinese equivalent to Yahoo or Hotmail. Whilst it's certainly true that a lot of spam originates from there, simply classifying it as a spam site isn't (necessarily) correct, in the same way that classifying yahoo or hotmail as spam isn't correct. The company behind 163.com is actually listed on the NASDAQ... You did mention heuristics, so I'm guessing you're not actually just outright blacklisting it, just wanted to point out that all number-only domains aren't necessarily spam-only. Scott On Thu, Oct 31, 2013 at 3:49 PM, Tony Hain <alh-ietf@tndh.net> wrote:
John Levine wrote:
Right. Spam filtering depends on heuristics. Mail from hosts without matching forward/reverse DNS is overwhelmingly bot spam, so checking for it is a very effective heuristic.
Leading digit is clearly in widespread use beyond 3com & 1and1. One of the most effective heuristics in my acl list is: \N^.*@\d{3,}\.(cn|com|net|org|us|asia)
In the last few hours it has picked off multiple messages from each of these: Carol28@8447.com Jeff17@3550.com Ronald79@0785.com Kevin57@2691.com Deborah76@3585.com Kimberly34@5864.com Sarah94@0858.com zavfdv@131.com qgmklyysyn@163.com pjpeng@163.com fahuyrw@163.com Daniel57@4704.com Helen95@2620.com