|Main Archive Page > Month Archives > spamassassin-users archives|
On 2:59 PM, Julian Yap wrote:
> NOTE: I changed the domains below to 'dot info' as the mailing list
> rejected my initial submission.
> I'm pretty sure it's not just me but there is some constant spamming
> from dot info domains. Perhaps for the past 2 months or so.
> Often they send hundreds per day and consistently from the same IP's.
dot info domains hadn't crossed my radar, but I decided to look anyway
and found that my logs agree with your notion that 99% (100%?) of dot
info From: addresses are spam. Roughly 75% of mine are caught at the
door by RBL's at the MTA level. Of the ones that get through, another
75% score above my reject threshold. A simple rule to bump the points
of any dot info From: address has now pushed everything to the tag
level, and even many of the tags to rejects.
For what it's worth, the ones making it past the RBL's in the MTA do not
match any stock RCVD_IN_* rules.