mailcow / mailcow-dockerized

mailcow: dockerized - 🐮 + 🐋 = 💕
https://mailcow.email
GNU General Public License v3.0
9.04k stars 1.18k forks source link

FISHY_TLD list needs a review #4026

Open ValeriySh opened 3 years ago

ValeriySh commented 3 years ago

Summary

FISHY_TLD (data/conf/rspamd/custom/fishy_tlds.map) list is a little bit outdated and needs a review.

Motivation

There are a lot of new TLDs that are cheap and therefore are being used for spam domains quite often. For example: casa, cyou. On the other hand, older TLDs like info became more expensive and may be excluded.

andryyy commented 3 years ago

They only trigger in combination with bad words. And info is still a winner here. :(

I agree with new TLDs.

Am 11.03.2021 um 16:24 schrieb ValeriySh @.***>:

 Summary

FISHY_TLD (data/conf/rspamd/custom/fishy_tlds.map) list is a little bit outdated and needs a review.

Motivation

There are a lot of new TLDs that are cheap and therefore are being used for spam domains quite often. For example: casa, cyou. On the other hand, older TLDs like info became more expensive and may be excluded.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or unsubscribe.

BeyondVertical commented 3 years ago

.info should be removed, I have a domain with .info and it is not what I would call cheap.

andryyy commented 3 years ago

It is triggered with bad words.

There is always a valid domain for every TLD.

Am 11.03.2021 um 17:58 schrieb BlackScreen @.***>:

 .info should be removed, I have a domain with .info and it is not what I would call cheap.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe.

ValeriySh commented 3 years ago

It is triggered with bad words.

I see FISHY_TLD penalty even when I send "test" to myself. Also, while .INFO is still in the most spammy TLDs list, the .COM TLD should be #1 FISHY_TLD then according to SpamHaus & Co.

itkfm commented 1 year ago

I don’t see anything related to bad words here. Did I miss something?

Symbols FISHY_TLD (0.1) [….rocks]
MAILCOW_AUTH (-20)
MIME_GOOD (-0.1) [text/plain]
RCVD_COUNT_TWO (0) [2]
TO_DN_NONE (0)
DKIM_SIGNED (0) [….rocks:s=dkim]
NEURAL_HAM (0) [-1.000]
FROM_NO_DN (0)
ASN (0) [asn:24940, ipnet:2a01:4f8::/32, country:DE]
RCPT_MAILCOW_DOMAIN (0) [….at]
MIME_TRACE (0) [0:+]
MOO_FOOTER (0)
ARC_NA (0)
MID_RHS_MATCH_FROMTLD (0)
FROM_EQ_ENVFROM (0)
BCC (0)
MAILCOW_DOMAIN_HEADER_FROM (0) [….rocks]
RCPT_COUNT_ONE (0) [1]
DYN_RL_CHECK (0)
DYN_RL (0) [7 / 1m, ….rocks]
CLAM_VIRUS_FAIL (0) [failed to scan and retransmits exceed]
RCVD_VIA_SMTP_AUTH (0)
TO_MATCH_ENVRCPT_ALL (0)
RCVD_TLS_LAST (0)