On March 17, 2016 at 13:26 evan@telly.org (Evan Leibovitch) wrote:
It's all in the balance, I guess.
On a very high-volume site, the scoring of each incoming mail -- which requires examining content and evaluating it against what could be a complex ruleset -- presents a potentially significant drain on resources. If a reasonable judgment is made that a TLD is a source of no significant non-spam, then it's far more efficient to just block on the TLD.
That's true. For example we block many nets based on just the IP address and those connections are just dropped nearly instantly. Also pattern matches of sending hosts. For example not accepting anything coming from a host which appears to be an end-user (dhcp-.*, ppp-.*, host names which look like IP addresses like 192.74.137.22.somehost.com that sort of thing) tho generally there's a little more qualification than that, end-user networks which have been sources of spam. So the recommendation was fairly specific to the example given. I'm resistant to dropping an entire TLD and try to use more focused methods such as raising their base spamassassin score or, well, we have a lot of tools like testing regular expressions on Subject: lines, From addresses. Hint: Don't ever open an account with a user name containing the name of any erectile dysfunction medication or variant thereof (e.g., replacing 'i' with 1) and expect me to ever see your mail!
It's certainly not uncommon for people or organizations to say "if you want to communicate with me you need to do so in a way that is acceptable to me". The requirements could mean (in descending level of complexity) a local set of rules, or not being on the spamhaus black list, or not using an undesired TLD.
Olivier's issue of bounce messages might be appropriate ... if the recipient of the bounce messages cared at all. I imagine most spamming sites would just drop them.
Arguably that "drastic" action -- cutting off access from a whole TLD -- provides a market-based incentive for that TLD to clean up its act. If enough of the world won't accept mail from a TLD, theoretically its sales would drop and there would be a financial incentive to fix that.
You're an optimist :-) That assumes a lot of the net would block them which I suspect is not the case. But there have been analogues, some quite troublesome. For example organizations buying returned IP address blocks only to find they're in many, many spam databases. Probably why they were returned.
In the absence of any regulatory enforcement of abuse complaints, this is as effective an agent of change as one can hope for.
Universal Acceptance is ICANN's begging the world to live with the products of its TLD expansion, no matter how awful they may be. But given ICANN's lack of any real end-user protections (led by identifiable Board members who believe that end-users are not legitimate stakeholders), this is really the only tool available with which to fight back.
There are other tools but point taken. Another aspect is that with 90+% of all email being spam and as I said earlier typical "real" spammers sending on the order of a billion messages per day there is the issue of bandwidth and resources in general. It's very nice to have strong gates when the barbarians are at the gate but who paid for those gates and, more importantly, there are barbarians out there! I could show you logs of spammers, for example, sending to generated names such as aaaa@theworld.com, aaab@theworld.com, aaac@theworld.com, etc, millions of them, for days or weeks, until they're just blocked at the IP level. And then a customer asks why it took 20 minutes for an email to get to them or why some path they're using (e.g., interactive web site) is so sluggish. Maybe it's all the spam trying to travel along the same path?!?! People tend to think of this problem only in terms of their own mailbox, what spam they did or didn't see, which is understandable. At a governance level we need to also think about the mind-boggling resource consumption and waste of human resources caused by spam. And the inherent criminality of course, fraud etc. Now if you will all open your psalters to page 334 we will...
- Evan
On 17 March 2016 at 05:32, <bzs@theworld.com> wrote:
[is this OT, how did this start?]
I use spamassassin system-wide to increase the spam score of a message from certain TLDs to near the threshold where it's just rejected.
So for example in local.cf I add a rule like:
    header   DOTTOP_RULE From =~ /.*\.top/i
    describe DOTTOP_RULE BZS 20160226
    score    DOTTOP_RULE 2.5
which means just having a .TOP TLD in the From gives it a base score of 2.5, so it wouldn't take much more, tripping some other spamassassin rules, to just get it blocked entirely.
But it means in theory a very non-spammy msg from that TLD might still get through.
--
        -Barry Shein

Software Tool & Die    | bzs@TheWorld.com             | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD       | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*
_______________________________________________
At-Large mailing list
At-Large@atlarge-lists.icann.org
https://atlarge-lists.icann.org/mailman/listinfo/at-large

At-Large Official Site: http://atlarge.icann.org
-- Evan Leibovitch Geneva, CH
Em: evan at telly dot org Sk: evanleibovitch Tw: el56
-- -Barry Shein Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo*
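
The following is an added example, not part of either poster's message or configuration. It models the additive scoring described in the thread and compares the pattern as posted, which is unanchored and also fires on any From header merely containing ".top", with an assumed tightening that tests only the end of the sender's domain. The threshold of 5.0 is SpamAssassin's default `required_score`, assumed here; the function names and sample headers are constructed.

```python
import re
from email.utils import parseaddr

REQUIRED_SCORE = 5.0   # SpamAssassin default required_score (assumed site setting)
DOTTOP_SCORE = 2.5     # base score from the rule quoted in the thread

# Pattern as posted: unanchored, searched against the whole From header.
AS_POSTED = re.compile(r".*\.top", re.I)
# Assumed tightening: hit only when the address's domain ends in ".top".
TLD_ONLY = re.compile(r"\.top$", re.I)


def from_domain(from_header):
    """Return the lower-cased domain of the address in a From header."""
    _name, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower()


def hits_as_posted(from_header):
    return AS_POSTED.search(from_header) is not None


def hits_tld_only(from_header):
    return TLD_ONLY.search(from_domain(from_header)) is not None


def verdict(from_header, other_rule_score):
    """Add the TLD base score to whatever the other rules contributed."""
    total = other_rule_score
    if hits_tld_only(from_header):
        total += DOTTOP_SCORE
    return total, ("reject" if total >= REQUIRED_SCORE else "accept")


# Constructed sample headers, not taken from any real mail log.
SAMPLES = [
    "Offers <offers@bulk-sender.top>",          # genuine .top sender domain
    "John Topham <john.topham@example.org>",    # ".top" inside the local part
    '"news.topics" <list@example.com>',         # ".top" inside the display name
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, hits_as_posted(header), hits_tld_only(header))
    print(verdict(SAMPLES[0], 1.0))   # .top alone plus a small hit: still accepted
    print(verdict(SAMPLES[0], 3.0))   # .top plus other rule hits: rejected
```

In SpamAssassin itself the comparable tightening would be a rule on `From:addr` with the pattern anchored at the end, which is a suggestion added here rather than something stated in the thread.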
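
A second added example, again not the poster's actual filter: the connect-time check on sending host names described in the reply above, including the qualification that a host is refused only when it both looks like an end-user machine and belongs to a network already known as a spam source. The `KNOWN_SPAM_NETWORKS` list and all function names are hypothetical, and matching dash-separated octets goes slightly beyond the dotted form given in the thread.

```python
import re

# Host-name prefixes named in the thread: dhcp-.* and ppp-.*
END_USER_LABEL = re.compile(r"^(dhcp|ppp)-", re.I)
# Four decimal groups separated by dots or dashes, e.g. 192.74.137.22 or 10-20-30-40
EMBEDDED_IP = re.compile(
    r"(?<!\d)(\d{1,3})[.-](\d{1,3})[.-](\d{1,3})[.-](\d{1,3})(?!\d)"
)

# Hypothetical local list of end-user networks previously seen sending spam.
KNOWN_SPAM_NETWORKS = {"somehost.com", "dsl.isp.example"}


def embedded_ipv4(hostname):
    """Return the IPv4 address spelled out inside a host name, or None."""
    m = EMBEDDED_IP.search(hostname)
    if m and all(int(g) <= 255 for g in m.groups()):
        return ".".join(m.groups())
    return None


def looks_end_user(hostname):
    """True for dhcp-/ppp- names or names that embed an IPv4 address."""
    return bool(END_USER_LABEL.match(hostname)) or embedded_ipv4(hostname) is not None


def in_known_network(hostname):
    """True when the host is in, or under, a listed spam-source domain."""
    host = hostname.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in KNOWN_SPAM_NETWORKS)


def accept_connection(rdns_name):
    """False means drop at connect time, before any content scoring runs."""
    if not rdns_name:
        return True   # no reverse-DNS name: left to other checks in this sketch
    return not (looks_end_user(rdns_name) and in_known_network(rdns_name))


if __name__ == "__main__":
    # Constructed host names for illustration only.
    for name in ("192.74.137.22.somehost.com", "dhcp-10-20-30-40.dsl.isp.example",
                 "ppp-17.other.example", "mail.somehost.com", "mail.example.org"):
        print(name, accept_connection(name))
```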