On Jun 28, 2008, at 6:48 AM, Rich Kulawiec wrote:
On Fri, Jun 27, 2008 at 01:40:03PM -0700, David Conrad wrote:
On Jun 27, 2008, at 5:22 AM, Alexander Harrowell wrote:
Well, at least the new TLDs will promote DNS-based cruft filtration. You can already safely ignore anything with a .name, .biz, .info, .tv suffix, to name just the worst.
Does this actually work? The vast majority of spam I receive has an origin that doesn't reverse map.
Best practice is to refuse all mail that comes from any host lacking rDNS, since that host doesn't meet the minimum requirements for a mail server.
After that, other sanity checks (such as matching forward DNS, valid HELO, proper wait for SMTP greeting, etc.) also knock out a good chunk of spam.
Yes, some of these also impact non-spamming but broken mail servers; however, this is usually the only way to get the attention of their operators and persuade them to effect repairs.
Beyond that, blocking of various gTLDs and ccTLDs and network allocations works nicely, depending on what your particular mix of inbound spam/not-spam is. Understanding of your own inbound mail mix is crucial to deciding which ones are viable for your operation. Locally, I've had .cn and .kr along with their entire network allocations blacklisted for years, and this has worked nicely; but clearly it wouldn't work well for, say, a major US research university.
Locally, .name, .info and .tv are permanently blacklisted, and I recommend this to others: they're all heavily spammer-infested. .biz is not blacklisted at the moment, largely because it's been so badly ravaged that spammers *appear* to be abandoning it.
Hmm. Looking at the recent spam collection plus email archive for the accounts I host for

SPAM (recent messages only)
13864 messages - 57 from .info - rate = 0.4 %
13864 messages - 8761 from .com - rate = 63.1 %

Non-SPAM (going back ~ two years)
122846 messages - 607 from .info - rate = 0.5 %
122846 messages - 71888 from .com - rate = 58.5 %

I don't see any strong reason to drop .info traffic here.

Note, btw, that at least Joe Abley, Andrew Sullivan and Brian Dickson post to NANOG repeatedly from .info

Regards
Marshall
---Rsk
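
The rDNS, matching-forward-DNS and HELO checks mentioned in the thread, as an added example that is not part of the original messages: the function names, the reading of "valid HELO" as an FQDN or bracketed address literal, and the sample hosts (documentation ranges) are assumptions made for illustration. The resolver is passed in so the constructed cases run offline; the greeting-delay check is not covered.

```python
import ipaddress, re, socket
LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?")

def system_ptr(ip):
    """PTR lookup via the system resolver; returns a hostname or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_addrs(name):
    """Forward lookup via the system resolver; returns a set of address strings."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def helo_is_plausible(helo):
    """Assumed meaning of 'valid HELO': an FQDN or a bracketed address literal."""
    if helo.startswith("[") and helo.endswith("]"):
        literal = re.sub(r"(?i)^ipv6:", "", helo[1:-1])
        try:
            ipaddress.ip_address(literal)
            return True
        except ValueError:
            return False
    labels = helo.rstrip(".").split(".")
    return len(labels) >= 2 and all(LABEL.fullmatch(l) for l in labels)

def check_client(ip, helo, ptr=system_ptr, addrs=system_addrs):
    """Return (accept, reason); ip must be in the textual form the resolver returns."""
    name = ptr(ip)
    if not name:
        return False, "no rDNS"
    if ip not in addrs(name):
        return False, "forward DNS mismatch"
    if not helo_is_plausible(helo):
        return False, "invalid HELO"
    return True, "ok"

# Constructed sample data, not real hosts: good, no PTR, PTR not mapping back, bad HELO.
PTR = {"192.0.2.10": "mail.example.org", "192.0.2.20": "host20.example.net"}
FWD = {"mail.example.org": {"192.0.2.10"}, "host20.example.net": {"198.51.100.7"}}

def demo():
    lookup = (PTR.get, lambda n: FWD.get(n, set()))
    cases = [("192.0.2.10", "mail.example.org"), ("203.0.113.5", "mail.example.com"),
             ("192.0.2.20", "host20.example.net"), ("192.0.2.10", "localhost")]
    return [check_client(ip, helo, *lookup) for ip, helo in cases]
```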