ICANN opens up Pandora's Box of new TLDs

Rich Kulawiec rsk at gsp.org
Sat Jun 28 10:48:54 UTC 2008


On Fri, Jun 27, 2008 at 01:40:03PM -0700, David Conrad wrote:
>
> On Jun 27, 2008, at 5:22 AM, Alexander Harrowell wrote:
>> Well, at least the new TLDs will promote DNS-based cruft filtration. You can
>> already safely ignore anything with a .name, .biz, .info, .tv suffix, to
>> name just the worst.
>
> Does this actually work?  The vast majority of spam I receive has an  
> origin that doesn't reverse map.  

Best practice is to refuse all mail that comes from any host lacking rDNS,
since that host doesn't meet the minimum requirements for a mail server.

After that, other sanity checks (such as matching forward DNS, valid HELO,
proper wait for SMTP greeting, etc.) also knock out a good chunk of spam.

Yes, some of these also impact non-spamming but broken mail servers;
however, this is usually the only way to get the attention of their
operators and persuade them to effect repairs.

Beyond that, blocking of various gTLDs and ccTLDs and network allocations
works nicely, depending on what your particular mix of inbound spam/not-spam
is.  Understanding of your own inbound mail mix is crucial to deciding
which ones are viable for your operation.  Locally, I've had .cn and .kr
along with their entire network allocations blacklisted for years, and
this has worked nicely; but clearly it wouldn't work well for, say,
a major US research university.

Locally, .name, .info and .tv are permanently blacklisted, and I recommend
this to others: they're all heavily spammer-infested.  .biz is not
blacklisted at the moment, largely because it's been so badly ravaged
that spammers *appear* to be abandoning it.

---Rsk
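
The connection-time checks described in the message above, as an added example that is not part of the original post or anyone's production filter. The function names, the check order, the sample DNS data and the choice to apply the TLD list to the verified rDNS name are assumptions made for illustration.

```python
import re
import socket

BLOCKED_TLDS = {"name", "info", "tv"}  # the post's local list; tune to your own mail mix
FQDN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)
LITERAL_RE = re.compile(r"^\[(\d{1,3}\.){3}\d{1,3}\]$")  # IPv4 address literal, e.g. [192.0.2.1]

def system_ptr(ip):
    """PTR lookup via the system resolver; None when the address has no rDNS."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    """Set of addresses the name resolves to; empty on lookup failure."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def check_client(ip, helo, early_talker, ptr=system_ptr, forward=system_forward):
    """Return (accept, reason) for one inbound SMTP connection."""
    host = ptr(ip)
    if not host:
        return False, "no rDNS"
    host = host.rstrip(".").lower()
    if ip not in forward(host):          # rDNS name must map back to the client
        return False, "forward DNS mismatch"
    if not (FQDN_RE.match(helo) or LITERAL_RE.match(helo)):
        return False, "invalid HELO"
    if early_talker:                     # client sent data before the 220 greeting
        return False, "spoke before greeting"
    if host.rsplit(".", 1)[-1] in BLOCKED_TLDS:
        return False, "blocked TLD"
    return True, "ok"

# Constructed sample data (documentation address ranges), standing in for live DNS.
PTR = {"192.0.2.10": "mail.example.org", "192.0.2.20": "mx.example.info",
       "198.51.100.7": "mx.example.net"}
FWD = {"mail.example.org": {"192.0.2.10"}, "mx.example.info": {"192.0.2.20"},
       "mx.example.net": {"203.0.113.9"}}

def demo(ip, helo, early_talker=False):
    """Run the checks against the constructed tables instead of real DNS."""
    return check_client(ip, helo, early_talker, PTR.get, lambda n: FWD.get(n, set()))

if __name__ == "__main__":
    for ip, helo in [("192.0.2.10", "mail.example.org"), ("203.0.113.50", "mail.example.org"),
                     ("198.51.100.7", "mx.example.net"), ("192.0.2.20", "mx.example.info")]:
        print(ip, helo, demo(ip, helo))
```

Logging the reason string for each rejection gives the per-check breakdown needed to judge which rules fit a site's own inbound mail mix.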




