Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. SpamAssassin>
  3. users
Coronavirus domains
dwreski at guardiandigital
Mar 17, 2020, 4:52 PM
Post #1 of 3 (431 views)
Permalink
Hi all,

Malwarepatrol has just released a list of 13,000+ domains related to
coronavirus scams:

https://www.malwarepatrol.net/wp-content/uploads/2020/03/covid-19-domains.txt
https://www.malwarepatrol.net/wp-content/uploads/2020/03/covid-19-domains.zip

Anyone else have any rules or changes relating to protecting users from
coronavirus they'd like to share?

dave
Re: Coronavirus domains [ In reply to ]
raymond at prolocation
Mar 17, 2020, 5:26 PM
Post #2 of 3 (431 views)
Permalink
Hello Dave,

> Malwarepatrol has just released a list of 13,000+ domains related to
> coronavirus scams:
>
> https://www.malwarepatrol.net/wp-content/uploads/2020/03/covid-19-domains.txt
> https://www.malwarepatrol.net/wp-content/uploads/2020/03/covid-19-domains.zip
>
> Anyone else have any rules or changes relating to protecting users from
> coronavirus they'd like to share?

Those domain additions (if malicious) will very likely be covered by SURBL
and other domain blacklists.

I have checked the list and some are not inside SURBL, so passing those on
to the team. But many others are seen in mailflows and tagged/added as
such.

Its sad (and obvious) that people will exploit this.

If there is more to add just send submissions to feedback@surbl.org

We are tracking domain additions based on the corona matches, nameservers,
ip's and wildcard searches in the zonefiles and we will do out utterly
best to limit damage of people who try to exploit this as such.

Thanks! Raymond Dijkxhoorn (SURBL)
Re: Coronavirus domains [ In reply to ]
raymond at prolocation
Mar 17, 2020, 5:51 PM
Post #3 of 3 (431 views)
Permalink
Hai!

>> Malwarepatrol has just released a list of 13,000+ domains related to
>> coronavirus scams:
>>
>> https://www.malwarepatrol.net/wp-content/uploads/2020/03/covid-19-domains.txt
>> https://www.malwarepatrol.net/wp-content/uploads/2020/03/covid-19-domains.zip
>>
>> Anyone else have any rules or changes relating to protecting users from
>> coronavirus they'd like to share?
>
> Those domain additions (if malicious) will very likely be covered by SURBL
> and other domain blacklists.
>
> I have checked the list and some are not inside SURBL, so passing those on to
> the team. But many others are seen in mailflows and tagged/added as such.
>
> Its sad (and obvious) that people will exploit this.

Just to be uberclear about this list. The complete list you linked is
definately not 'related to coronavirus scams'

Its the complete list that they found that is matchine 'corona' and some
other terms that they saw as newly registed domains.

This is what they stated:

'The list is based solely on the terms used to register the domains, no
other assumptions are made'

So outright blocking would also mean you are blocking potentially sites
that are trying to help. But this might be obvious...

Bye, Raymond

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal