Blocking of entire gTLDs

There will always be opinions, both good and bad, on how MagicSpam protection, rules and policies are used, and what the defaults should be. Different environments may have different needs. We try to find the perfect balance, and that is not always easy. Just remember that we have to satisfy millions of users, not just one person.

Moderators: wizard, magicspam

rgfincher
Posts: 4
Joined: Tue Apr 30, 2019 4:32 am
Location: London, UK

Blocking of entire gTLDs

Post by rgfincher » Sun Mar 07, 2021 7:19 am

Dear MagicSpam.

The ability to block entire countries' domain names in their incoming emails has proved very popular with our customers.
However, we badly need to be able to do the same thing with non-country-specific domain name types. There are several types in particular which seem only ever to be used by spammers and other bad actors. For some time the ".xyz" domain suffix has been a major problem. .cyou has also cropped up recently.

I realise that having a complete list of these as a drop-down in MagicSpam would be problematic, because there are now so many of them, and because new ones are being added at regular intervals.

I have tried to use the wildcard method in "Exceptions", but I don't think this works when the matching conditions are this broad?

Please help!

magicspam
Posts: 1563
Joined: Tue Oct 28, 2008 2:27 pm

Re: Blocking of entire gTLDs

Post by magicspam » Mon Mar 08, 2021 3:58 pm

Hello rgfincher,

Thank you for your post.

The option to blacklist entire top level domains can be used in the MagicSpam interface:

Anti-Spam >> Exemptions >> Sender From Black List

where you can use the '*' wildcard to specify the top level domain you want to block:

e.g.
*@*.tld

Another thing you could look into is to review a few samples of the 'uncaught' sources (via the MagicSpam Log Viewer) and see if the IP address is on a particular block list at http://www.linuxmagic.com/bms - based on what you are describing we suspect that you will likely find the majority of these messages are coming from a specific IP address or subnet that is likely already listed as a spam source that may be on a list that you do not at this time have enabled.

Also if you are still having an issue with uncaught spam on your system, could you please send us your MagicSpam logs for analysis at:

support@magicspam.com

To retrieve MagicSpam logs, you can use the MagicSpam interface and access the "Logs" tab.

In the log search result output, you have the option to export/save the log search results to a CSV file. Once you have the CSV file, you can email that as an attachment to us for examination using your email client.

Please make sure that you remove entries where mua=yes and highlight only HAM entries that are spam.

Also, can you please send us screenshots of the following two tabs in your MagicSpam control panel:

Settings / Server Policies
and
Settings / IP Reputation

With the requested information, we will be able to provide better suggestions for addressing the uncaught spam issue.

Thank you.
-- MagicSpam Support Team --

rgfincher
Posts: 4
Joined: Tue Apr 30, 2019 4:32 am
Location: London, UK

Re: Blocking of entire gTLDs

Post by rgfincher » Tue Mar 16, 2021 10:26 am

Sorry, that doesn't work ( *@*.xyz )
I think only one wildcard sign is allowed.

The headers are fairly simple:

Return-Path: <MAILER-DAEMON>
X-Original-To: cbernd@REDACTED.co.uk
Delivered-To: cbern@ REDACTED.co.uk
Received: from societegenerale.com (unknown [13.95.93.92])
by mail5.101cloud.co.uk (Postfix) with ESMTP id 0B3813B95D
for <cbern@REDACTED.co.uk >; Tue, 16 Mar 2021 17:12:46 +0000 (GMT)
Date: Tue, 16 Mar 2021 11:48:07 -0500
Message-ID: <15936348118767.jS0LTMkh1MzzTGBTGe6cMygzf-q@641722328232deutschweb.xyz>
From: Royal Mail <Contact-214@deutschweb.xyz>
To: cbern@REDACTED.co.uk
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
X-Gm-Message-State: sY+tZ/iaTFvTnTnjTJkMJnXTqDHGJTsuRTmtvicKEwQcFCCAK+O2zi7R2
Subject: =?utf-8?Q?Tell_us_about_your_Shipping_experience_and_we_will_offer_you_an_exclusive_offer_worth_=C2=A390_or_more_=F0=9F=8E=81?=
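
An added example, not part of the original post and not MagicSpam's own matching code: the posted message carries two different sender identities, and the `*@*.xyz` pattern suggested earlier in the thread can only hit one of them. The helper names are hypothetical, and shell-style glob matching (Python's `fnmatch`) is an assumption about how such a wildcard behaves.

```python
import email
from fnmatch import fnmatchcase

# Constructed sample: a subset of the headers posted above, plus a dummy body.
SAMPLE = (
    "Return-Path: <MAILER-DAEMON>\n"
    "From: Royal Mail <Contact-214@deutschweb.xyz>\n"
    "To: cbern@REDACTED.co.uk\n"
    "\n"
    "body\n"
)

def addr_spec(value):
    """Bare address from a header value such as 'Name <user@host>'."""
    value = (value or "").strip()
    if "<" in value and ">" in value:
        value = value[value.rfind("<") + 1:value.rfind(">")]
    return value.strip().lower()

def tld_of(address):
    """Last DNS label of the address's domain, or None if it has no domain."""
    _, at, domain = address.rpartition("@")
    if not at or "." not in domain:
        return None
    return domain.rsplit(".", 1)[1]

def sender_identities(raw):
    """Return-Path (envelope sender as recorded) and header From, normalised."""
    msg = email.message_from_string(raw)
    return {name: addr_spec(msg.get(name)) for name in ("Return-Path", "From")}

def evaluate(raw, pattern):
    """Apply one glob pattern to each sender identity separately."""
    # Assumption: shell-style glob semantics, '*' matches any run of characters.
    return {name: fnmatchcase(addr, pattern.lower())
            for name, addr in sender_identities(raw).items()}

if __name__ == "__main__":
    hits = evaluate(SAMPLE, "*@*.xyz")
    for name, addr in sender_identities(SAMPLE).items():
        print(f"{name:12} {addr:28} tld={tld_of(addr)!s:5} match={hits[name]}")
```

Which of the two fields a filter's sender rule is compared against is product-specific and is not stated in this thread, so it is worth confirming before concluding that a wildcard rule is broken.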

magicspam
Posts: 1563
Joined: Tue Oct 28, 2008 2:27 pm

Re: Blocking of entire gTLDs

Post by magicspam » Tue Mar 16, 2021 2:00 pm

Hello rgfincher,

Thank you for providing us with the headers.

From our understanding, you were able to blacklist these domains. Is that correct?

If you need any further help to deal with this uncaught spam, please send us your MagicSpam logs for analysis at:

support@magicspam.com

The instructions to retrieve the MagicSpam logs can be found in our previous message.

Please let us know if you have any further questions.
-- MagicSpam Support Team --

rgfincher
Posts: 4
Joined: Tue Apr 30, 2019 4:32 am
Location: London, UK

Re: Blocking of entire gTLDs

Post by rgfincher » Wed Mar 17, 2021 8:57 am

Sorry, I am not able to block these domain names.

It accepted the string *@*.xyz as a rule, but it doesn't actually block the emails in question.

magicspam
Posts: 1563
Joined: Tue Oct 28, 2008 2:27 pm

Re: Blocking of entire gTLDs

Post by magicspam » Wed Mar 17, 2021 9:59 am

Hello rgfincher,

Thank you for your post.

In order to avoid exposing sensitive information here, it would be very helpful if you could send us the MagicSpam logs for examination at:

support@magicspam.com

To retrieve MagicSpam logs, you can use the MagicSpam interface and access the "Logs" tab.

In the log search result output, you have the option to export/save the log search results to a CSV file. Please email the CSV file as an attachment to us.

Please make sure that you remove entries where mua=yes and highlight only HAM entries that are spam.

Also, can you please send us screenshots of the following two tabs in your MagicSpam control panel:

* Anti-Spam / Spam Policies
* Anti-Spam / IP Reputation

Lastly, could you provide us with the following:

1. Operating system version and architecture
2. MagicSpam version
3. Were there any recent updates or upgrades on your server?
4. Was this a fresh MagicSpam installation?
5. What is the version of your web panel?

Please let us know if you have any further questions.
-- MagicSpam Support Team --
