spamassassin-users October 2010 archive

Re: Constant .info domain spam

From: Jason Bertoch <jason_at_nospam>
Date: Thu Oct 14 2010 - 14:24:23 GMT

On 2:59 PM, Julian Yap wrote:
> NOTE: I changed the domains below to 'dot info' as the mailing list
> rejected my initial submission.
> I'm pretty sure it's not just me but there is some constant spamming
> from dot info domains. Perhaps for the past 2 months or so.
> Often they send hundreds per day and consistently from the same IPs.

Dot info domains hadn't crossed my radar, but I decided to look anyway
and found that my logs agree with your notion that 99% (100%?) of dot
info From: addresses are spam. Roughly 75% of mine are caught at the
door by RBLs at the MTA level. Of the ones that get through, another
75% score above my reject threshold. A simple rule to bump the points
of any dot info From: address has now pushed everything to the tag
level, and even many of the tags to rejects.

For what it's worth, the ones making it past the RBLs in the MTA do not
match any stock RCVD_IN_* rules.

-- /Jason
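
Added example, not part of the original post and not SpamAssassin's own code: a Python sketch of the score bump described above, matching the From: address rather than the display name and showing how the bump moves messages across thresholds. The thresholds, the bonus value and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumed values, not from the post: site thresholds and the size of the bump.
TAG_THRESHOLD = 5.0
REJECT_THRESHOLD = 10.0
INFO_FROM_BONUS = 3.0
# In SpamAssassin the same match is a header rule on From:addr with a regex
# such as /\.info$/i; rule name and score are for the site to choose.


def from_is_info(raw_message: str) -> bool:
    """True if any From: address (not its display name) is in a .info domain."""
    msg = message_from_string(raw_message)
    for _name, addr in getaddresses(msg.get_all("From", [])):
        domain = addr.rpartition("@")[2].lower().rstrip(".")
        if domain.endswith(".info"):
            return True
    return False


def classify(raw_message: str, base_score: float) -> str:
    """Add the bump to the score from all other rules, then bucket the result."""
    score = base_score + (INFO_FROM_BONUS if from_is_info(raw_message) else 0.0)
    if score >= REJECT_THRESHOLD:
        return "reject"
    if score >= TAG_THRESHOLD:
        return "tag"
    return "deliver"


# Constructed sample headers paired with constructed base scores.
SAMPLES = [
    ("From: Deals <promo@offers.example.info>\nSubject: a\n\n", 3.1),
    ('From: "news.info" <alice@example.org>\nSubject: b\n\n', 3.1),  # name only
    ("From: BOB@MAIL.EXAMPLE.INFO\nSubject: c\n\n", 7.5),            # upper case
    ("From: carol@example.information.test\nSubject: d\n\n", 4.9),   # not a TLD
]


def run_samples():
    return [classify(raw, score) for raw, score in SAMPLES]


if __name__ == "__main__":
    for (raw, score), verdict in zip(SAMPLES, run_samples()):
        print(raw.splitlines()[0], score, "->", verdict)
```

The second and fourth samples are the cases a loose substring match would misfire on: ".info" in the display name and ".info" inside a longer label.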