ICANN opens up Pandora's Box of new TLDs

Marshall Eubanks tme at multicasttech.com
Sat Jun 28 13:48:01 UTC 2008


On Jun 28, 2008, at 6:48 AM, Rich Kulawiec wrote:

> On Fri, Jun 27, 2008 at 01:40:03PM -0700, David Conrad wrote:
>>
>> On Jun 27, 2008, at 5:22 AM, Alexander Harrowell wrote:
>>> Well, at least the new TLDs will promote DNS-based cruft filtration.
>>> You can
>>> already safely ignore anything with a .name, .biz, .info, .tv  
>>> suffix,
>>> to
>>> name just the worst.
>>
>> Does this actually work?  The vast majority of spam I receive has an
>> origin that doesn't reverse map.
>
> Best practice is refuse all mail that comes from any host lacking  
> rDNS,
> since that host doesn't meet the minimum requirements for a mail  
> server.
>
> After that, other sanity checks (such as matching forward DNS, valid  
> HELO,
> proper wait for SMTP greeting, etc.) also knock out a good chunk of  
> spam.
>
> Yes, some of these also impact non-spamming but broken mail servers,
> however, this is usually the only way to get the attention of their
> operators and persuade them to effect repairs.
>
> Beyond that, blocking of various gTLDs and ccTLDs and network  
> allocations
> works nicely, depending on what your particular mix of inbound spam/ 
> not-spam
> is.  Understanding of your own inbound mail mix is crucial to deciding
> which ones are viable for your operation.  Locally, I've had .cn  
> and .kr
> along with their entire network allocations blacklisted for years, and
> this has worked nicely; but clearly it wouldn't work well for, say,
> a major US research university.
>
> Locally, .name, .info and .tv are permanently blacklisted, and I  
> recommend
> this to others: they're all heavily spammer-infested.  .biz is not
> blacklisted at the moment, largely because it's been so badly ravaged
> that spammers *appear* to be abandoning it.

Hmm. Looking at the recent spam collection plus email archive for the  
accounts I host for

SPAM (recent messages only)

13864 messages -   57 from .info rate =  0.4 %
13864 messages - 8761 from  .com rate = 63.1 %

Non-SPAM (going back ~ two years)

122846 messages -   607 from .info - rate = 0.5 %
122846 messages - 71888 from .com  - rate = 58.5 %

I don't see any strong reason to drop .info traffic here.

Note, btw, that at least Joe Abley, Andrew Sullivan and Brian Dickson  
post to NANOG repeatedly from .info

Regards
Marshall

>
>
> ---Rsk
>
>





More information about the NANOG mailing list