Blocking high level domains on email

By Prefbid II
I'm curious as to why none of the spam blockers that I have seen allow you to categorically block an entire high-level domain. For example, I know no one in Japan and have no reason to expect a legitimate email from anyone with an ending of .jp. I can set up a rule to filter out those, but that is cumbersome. I would just like the whole high level domain blocked.

Of course if I did get that ability, I would block all of Western Europe and a good deal of Africa too. I'm sure it wouldn't take long for the spammers to realize it and to start sending from more widely accepted high level domains, but it would be good for a while at least.

Is there a legitimate reason for not blocking high level domains? Or, do some spam filters do it and I'm just behind the times?

All Comments

Blocking high level domains

by mgfyo01 In reply to Blocking high level domai ...

Hi,

Try MailWasher. It allows you to block high-level domains (Chinese, Japanese, Korean e-mails) and you can program the filter to block other origins.

Best regards,

Michel FENYO
mgfyo01@adgypac.fr

No reason not to

by pkrdk In reply to Blocking high level domai ...

I too know nobody in Japan, India, Uruguay or whatever, and my mailserver allows me to block those. I also block everything from Hotmail, Excite and some others, but it is an uphill struggle as spammers now use quite exotic domains which are hard to keep up with. I add the spamfilter in Thunderbird and this keeps the rest away.
On a company level I do the same. We don't do business with Yemen, Syria, Uruguay and many more, and have no intention to do so, so here a top-level domain blocking is good too. Most companies host their own mail-server, and at least in Lotus Domino you can block whatever you want.

Company wise, do you do it by CIDR or by domain name?

by DanLM In reply to No reason not to

I have read of (and know of) an updated list of CIDRs that is maintained on Korea and China that some individuals use for blocking all mail from them via their router.

Just curious if this is how you did it?

I totally agree with this policy. I would love to see an authoritative paper on the amount of spam and what nations it comes from. I'm sure the US is right up there, but I would like to see a nation by nation breakdown.

Dan

Very simple

by pkrdk In reply to Company wise, do you do i ...

Main rule in IT is 'keep it simple', and so we do. We got a list of domain suffixes (Google will do that in seconds) and used half an hour of copy-and-paste like:
*@*.ad
*@*.ae
*@*.af

That takes care of Andorra, United Arab Emirates and Afghanistan. Continue adding and removing to suit your own needs. Add a spamfilter to catch those from the whitelisted countries, and you're close to being spam free.

Unfortunately this doesn't remove it from the net as such, but you get rid of a lot and viruses etc too.

My last job was in a large international concern, and we found that 70% of the mails transported on the net were spam. Much better to remove those than buy more bandwidth. Work smarter, not harder.

Unnecessary, try something else

by sacre In reply to Blocking high level domai ...

From your company's point of view, you never know when you are starting to get inquiries (and maybe even business) from outside of the US. So unless your company refuses to have anything to do with people from outside of the country, it is best you use some other methods of spam detection.

As you have rightly put it, it won't take long for spammers to start sending from more widely accepted high level domains. In fact, as it now stands, these are sometimes randomly generated and some sender domains don't even exist. I have been using reject_unknown_recipient_domain in my Postfix configuration. Your mileage may vary.

You can always set a blanket block that kills anything not

by Deadly Ernest In reply to Blocking high level domai ...

on your white list and then just list the domains you're interested in.

A good one is to block everything from yahoo.com and hotmail.com; use wild cards before and after - that'll kill off heaps of spam.

Yeah, but....

by MentorCtl In reply to You can always set a blan ...

If you do that -- you might want to let your legitimate responders know.

I am extremely suspicious of HOTMAIL.COM -- if I don't know the sender, it's SPAM!

This certainly works

by J.C.Alexandres In reply to Blocking high level domai ...

I am dealing with the same nightmare, but at least I was able to drastically reduce the amount of spam by setting my e-mail servers to not accept messages to invalid users, a useful setting not enabled by default in most e-mail servers.

Client Side Outlook "international" rule should help

by pianoguy In reply to Blocking high level domai ...

From the (Microsoft Outlook '03) client side, you can use the Junk Email Options rule found under the International tab as "Blocked Top Level Domain List".

However, as was posted here: (http://techrepublic.com.com/5208-6230-0.html?forumID=102&threadID=207374&messageID=2147800)...not all "from" domains are valid, so other ideas will no doubt improve this. I don't know what the default settings are (appear to be "check all").

What address field is examined?

by gshollingsworth In reply to Client Side Outlook "inte ...

If you are trying to block based on the From: address, then the spammers have long since figured out the workaround. It is trivial to have the From: address appear to originate from any desired domain.

Received lines in the header are not required to have domains listed so DNS lookups would be required for listed IP addresses, but reverse DNS is not a requirement either. Possibly whois? Not always accurate or reliable depending on the registrar.

The only thing which is possible is to determine the actual originating IP, but fake Received lines in the header also exist. Any IP which can be determined to be a dynamically assigned IP is very likely to be spam. BUT, there are some circumstances where a legit sender can originate from a dynamic IP.

Blocking spam at the destination is much less efficient than blocking at the sources, but still has its place. ISPs need to implement more spam blocking at the sources. It is far easier to determine spam closer to the origin.
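
Added example (not code from any poster in this thread): a small Python check that applies a "*@*.tld" suffix list like the one posted above to both the From: header and the topmost Received line, showing how a forged From: slips past a From-only block and what happens when there is no reverse DNS. The Postfix-style Received layout, the function names and all sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed block list in the thread's "*@*.tld" style; only the suffix matters here.
BLOCKED_TLDS = {p.rsplit(".", 1)[1] for p in ("*@*.ad", "*@*.ae", "*@*.af", "*@*.jp")}

def tld_of(host):
    """Last DNS label of a host name; None for bare IPs, 'unknown' or empty values."""
    host = host.strip().strip("[]").rstrip(".").lower()
    last = host.rsplit(".", 1)[-1]
    return last if "." in host and not last.isdigit() else None

def from_tld(msg):
    """TLD claimed in the From: header (sender-controlled, so trivially forged)."""
    addr = parseaddr(msg.get("From", ""))[1]
    return tld_of(addr.rpartition("@")[2])

def relay_tld(msg):
    """TLD of the reverse-DNS name in the topmost Received line, i.e. the one
    stamped by our own server. Lower Received lines may be fake and are ignored."""
    received = msg.get_all("Received") or [""]
    m = re.search(r"from\s+\S+\s+\(([^\s\[\)]+)", received[0])
    return tld_of(m.group(1)) if m else None

def verdict(raw):
    """Return (from_tld, relay_tld, blocked) for one raw message."""
    msg = message_from_string(raw)
    f, r = from_tld(msg), relay_tld(msg)
    return f, r, bool({f, r} & BLOCKED_TLDS)

# Constructed sample messages (documentation domains and reserved test addresses).
HONEST = ("Received: from mail.shop.example.jp (mail.shop.example.jp [192.0.2.10])"
          " by mx.example.net; Mon, 1 Jan 2007 10:00:00 +0000\n"
          "From: Sales <offers@shop.example.jp>\nSubject: hi\n\nbody\n")
FORGED = ("Received: from example.com (dyn-7.pool.example.jp [192.0.2.77])"
          " by mx.example.net; Mon, 1 Jan 2007 10:01:00 +0000\n"
          "Received: from trusted.example.com (trusted.example.com [198.51.100.1])"
          " by example.com; Mon, 1 Jan 2007 09:59:00 +0000\n"
          "From: A Friend <friend@example.com>\nSubject: hi\n\nbody\n")
NO_RDNS = ("Received: from example.com (unknown [192.0.2.99])"
           " by mx.example.net; Mon, 1 Jan 2007 10:02:00 +0000\n"
           "From: A Friend <friend@example.com>\nSubject: hi\n\nbody\n")

if __name__ == "__main__":
    for name, raw in (("honest", HONEST), ("forged", FORGED), ("no rDNS", NO_RDNS)):
        print(name, verdict(raw))
```

The third sample is the case a name-based rule cannot decide: with no reverse DNS name recorded, only the connecting IP is left to judge by.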
