Mailing List Archive

My 10 years old domain have a bad TLD
Hi,

I own and manage sondages.pro domain since more than 10 years now.
Since some week now, my spamassassin score is lower than before.

Seems some version give a -2 score. Maybe since a debian update.
I never send any spam email.

When looking at spam received : i receive a lot more spam from .com TLD
than .pro TLD.

Is there a way other than change my domain to fix score and get again a
perfect score .

Thansk a lot,
Denis
Re: My 10 years old domain have a bad TLD [ In reply to ]
On 03/05/2021 08:15, Denis Chenu wrote:
> Hi,
>
> I own and manage sondages.pro domain since more than 10 years now.
> Since some week now, my spamassassin score is lower than before.
>
> Seems some version give a -2 score. Maybe since a debian update.
> I never send any spam email.
>
> When looking at spam received : i receive a lot more spam from .com
> TLD than .pro TLD.
>
> Is there a way other than change my domain to fix score and get again
> a perfect score .
>
> Thansk a lot,
> Denis
>
I see that .pro is included in KAM_FUN (via _KAM_FUN1) which gives +7.75
to SA score. I am not sure if this is a recent change.

Those of us who use the KAM rules will be affected by this unless of
course we code an exception for your domain.

I have another personal rule which adds +6 for 'unusual' domains -
including .pro - so your chance of getting an email through to my users
is zero (sorry), unless indirectly (e.g. via mailing list).
Re: My 10 years old domain have a bad TLD [ In reply to ]
Le 03/05/2021 à 09:28, Dominic Raferd a écrit :
> On 03/05/2021 08:15, Denis Chenu wrote:
>> Hi,
>>
>> I own and manage sondages.pro domain since more than 10 years now.
>> Since some week now, my spamassassin score is lower than before.
>>
>> Seems some version give a -2 score. Maybe since a debian update.
>> I never send any spam email.
>>
>> When looking at spam received : i receive a lot more spam from .com
>> TLD than .pro TLD.
>>
>> Is there a way other than change my domain to fix score and get again
>> a perfect score .
>>
>> Thansk a lot,
>> Denis
>>
> I see that .pro is included in KAM_FUN (via _KAM_FUN1) which gives +7.75
> to SA score. I am not sure if this is a recent change.
>
> Those of us who use the KAM rules will be affected by this unless of
> course we code an exception for your domain.
>
> I have another personal rule which adds +6 for 'unusual' domains -
> including .pro - so your chance of getting an email through to my users
> is zero (sorry), unless indirectly (e.g. via mailing list).
>
>

But pro is not a new domain, exist since June 2004.

And clearly : i never receive any spam fro .pro domain myself.

Currently .co seems a lot more used for spam.
And this domain (.co) are not in
https://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/pds/20_ntld.cf?view=markup

.pro have a -1 with SUSP_URI_NTLD_PRO.

on spamhaus : pro = 1.7% bad (score 0.09)

Then what minimal score is required to be allowed ?

Else : if i am a spammer : i look of update of SpamAssassin NTLD and
avoid this tld.

Clearly : .biz or .online are used some year ago, but i don't see a lot
now for example.

Denis
Re: My 10 years old domain have a bad TLD [ In reply to ]
I'm not an exception :

See https://www.spamhaus.org/statistics/tlds/ ,
More the 98% of pro seems valid.

And we can compare :
eu = 1.4% bad (score 0.10)
pro = 1.7% bad (score 0.09)

Not a big difference …

But :
com = 3.4% bad (score 0.42)

And you think .com is better than .pro ?
Really ?



Le 03/05/2021 à 10:43, Marc a écrit :
> Maybe you are the exception to the rule.
Re: My 10 years old domain have a bad TLD [ In reply to ]
> .pro have a -1 with SUSP_URI_NTLD_PRO.

Is that really minus 1? Negative scores are good, they counteract spammy
scores, which are positive.

Loren
Re: My 10 years old domain have a bad TLD [ In reply to ]
>>.pro have a -1 with SUSP_URI_NTLD_PRO.

On 03.05.21 03:43, Loren Wilton wrote:
>Is that really minus 1? Negative scores are good, they counteract
>spammy scores, which are positive.

(nearly) plus one:

72_active.cf:header PDS_PRO_TLD eval:check_uri_host_listed('SUSP_URI_NTLD_PRO')
72_active.cf:enlist_uri_host (SUSP_URI_NTLD_PRO) pro

72_active.cf:header PDS_PRO_TLD eval:check_uri_host_listed('SUSP_URI_NTLD_PRO')
72_active.cf:describe PDS_PRO_TLD .pro TLD
72_scores.cf:score PDS_PRO_TLD 0.999 0.998 0.999 0.998




--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
REALITY.SYS corrupted. Press any key to reboot Universe.
Re: My 10 years old domain have a bad TLD [ In reply to ]
On 03/05/2021 18:15, Denis Chenu wrote:

> Le 03/05/2021 à 09:28, Dominic Raferd a écrit : On 03/05/2021 08:15,
> Denis Chenu wrote: Hi,
>
> I own and manage sondages.pro domain since more than 10 years now.
> Since some week now, my spamassassin score is lower than before.
>
> Seems some version give a -2 score. Maybe since a debian update.
> I never send any spam email.
>
> When looking at spam received : i receive a lot more spam from .com TLD
> than .pro TLD.
>
> Is there a way other than change my domain to fix score and get again a
> perfect score .
>
> Thansk a lot,
> Denis
>
> I see that .pro is included in KAM_FUN (via _KAM_FUN1) which gives
> +7.75 to SA score. I am not sure if this is a recent change.
>
> Those of us who use the KAM rules will be affected by this unless of
> course we code an exception for your domain.
>
> I have another personal rule which adds +6 for 'unusual' domains -
> including .pro - so your chance of getting an email through to my users
> is zero (sorry), unless indirectly (e.g. via mailing list).

But pro is not a new domain, exist since June 2004.

And clearly : i never receive any spam fro .pro domain myself.

Currently .co seems a lot more used for spam.
And this domain (.co) are not in
https://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/pds/20_ntld.cf?view=markup

.pro have a -1 with SUSP_URI_NTLD_PRO.

on spamhaus : pro = 1.7% bad (score 0.09)

Then what minimal score is required to be allowed ?

Else : if i am a spammer : i look of update of SpamAssassin NTLD and
avoid this tld.

Clearly : .biz or .online are used some year ago, but i don't see a lot
now for example.

Denis

We seem to see different depending where we are, here in Australia, I do
not see .pro as a problem at all, .online and .xyz certainly are a
problem however

--
Regards,
Noel Butler

This Email, including attachments, may contain legally privileged
information, therefore at all times remains confidential and subject to
copyright protected under international law. You may not disseminate
this message without the authors express written authority to do so.
If you are not the intended recipient, please notify the sender then
delete all copies of this message including attachments immediately.
Confidentiality, copyright, and legal privilege are not waived or lost
by reason of the mistaken delivery of this message.
Re: My 10 years old domain have a bad TLD [ In reply to ]
On Mon, 3 May 2021 03:43:03 -0700
Loren Wilton wrote:

> > .pro have a -1 with SUSP_URI_NTLD_PRO.
>
> Is that really minus 1? Negative scores are good, they counteract
> spammy scores, which are positive.

mail-tester.com will run spamassassin on test emails. For some reason
they switch the sign on scores.
Re: My 10 years old domain have a bad TLD [ In reply to ]
Yes,

You'r right. Sorry :)

I think : a bad score : minus .

Denis


Le 03/05/2021 à 12:57, Matus UHLAR - fantomas a écrit :
>>> .pro have a -1 with SUSP_URI_NTLD_PRO.
>
> On 03.05.21 03:43, Loren Wilton wrote:
>> Is that really minus 1? Negative scores are good, they counteract
>> spammy scores, which are positive.
>
> (nearly) plus one:
>
> 72_active.cf:header   PDS_PRO_TLD
> eval:check_uri_host_listed('SUSP_URI_NTLD_PRO')
> 72_active.cf:enlist_uri_host (SUSP_URI_NTLD_PRO) pro
>
> 72_active.cf:header   PDS_PRO_TLD
> eval:check_uri_host_listed('SUSP_URI_NTLD_PRO')
> 72_active.cf:describe PDS_PRO_TLD .pro TLD
> 72_scores.cf:score PDS_PRO_TLD                           0.999 0.998
> 0.999 0.998
>
>
>
>
Re: My 10 years old domain have a bad TLD [ In reply to ]
On Mon, 3 May 2021, Denis Chenu wrote:

> Is there a way other than change my domain to fix score and get again a
> perfect score .

If you obsess about a "perfect score" you will never be happy. If all
you're getting dinged for is one point for your unusual TLD, your mail is
still getting through.

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Are you a mildly tech-literate politico horrified by the level of
ignorance demonstrated by lawmakers gearing up to regulate online
technology they don't even begin to grasp? Cool. Now you have a
tiny glimpse into a day in the life of a gun owner. -- Sean Davis
-----------------------------------------------------------------------
5 days until the 76th anniversary of VE day
Re: My 10 years old domain have a bad TLD [ In reply to ]
Hi Denis


On 5/3/21 10:15 AM, Denis Chenu wrote:
> And clearly : i never receive any spam fro .pro domain myself.


you said the right word: myself. It all depends on your millage.

We get a lot of spams/non-coi a day from .pro domains. Sure .com sends
more spam but that might be due to fact that TLD .com has one or two
domains more than .pro ;-) And do not forget that it's not just the
senderdomain but also URI links in messages that uses .pro even they're
sent from different sender TLD.

--
Cheers

tobi
Re: My 10 years old domain have a bad TLD [ In reply to ]
Yes,

You receive spam from pro and then all pro gTLD owner received a punishment.

It's same for all gTLDS, like the old teachers who punish a whole school
class.

And about number : please check https://www.spamhaus.org/statistics/tlds/ ,
More the 98% of pro seems valid, then punish 98% of people for less than
2%.
Great !

I ask : how can i know and own a domain on gTLD and know when it was
moved to this list ?
At 1% ? at 2% ? At 10% ?

Orjust because someone want it without any rules ?
What is the rules of
https://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/pds/20_ntld.cf
?

If there are no rules : i create a pull request and delete whole on it …




Le 04/05/2021 à 07:17, jahlives@gmx.ch a écrit :
> Hi Denis
>
>
> On 5/3/21 10:15 AM, Denis Chenu wrote:
>> And clearly : i never receive any spam fro .pro domain myself.
>
>
> you said the right word: myself. It all depends on your millage.
>
> We get a lot of spams/non-coi a day from .pro domains. Sure .com sends
> more spam but that might be due to fact that TLD .com has one or two
> domains more than .pro ;-) And do not forget that it's not just the
> senderdomain but also URI links in messages that uses .pro even they're
> sent from different sender TLD.
>
> --
> Cheers
>
> tobi
>
>
Re: My 10 years old domain have a bad TLD [ In reply to ]
This particular rule was split out from the more generic SUSP_URI_NTLD rule
due to a conversation about this particular TLD recently.

The consensus was to create an individual rule so that mass check could
check the TLD on its own merit -
https://ruleqa.spamassassin.org/20210503-r1889443-n/PDS_PRO_TLD/detail.
Masscheck has a maximum score of 1.0 for this rule.

The score is derived from the combined corpus of our contributors to ensure
minimal false positives of ham being detected as spam - that is, scoring
5.0 or more.

I feel that mail-tester.com creates the impression that you should have no
matching "bad" rules, ever, which isn't true or how masscheck/SA works.

Paul



On Tue, 4 May 2021 at 07:28, Denis Chenu <courriel+spamassassin@shnoulle.net>
wrote:

> Yes,
>
> You receive spam from pro and then all pro gTLD owner received a
> punishment.
>
> It's same for all gTLDS, like the old teachers who punish a whole school
> class.
>
> And about number : please check https://www.spamhaus.org/statistics/tlds/
> ,
> More the 98% of pro seems valid, then punish 98% of people for less than
> 2%.
> Great !
>
> I ask : how can i know and own a domain on gTLD and know when it was
> moved to this list ?
> At 1% ? at 2% ? At 10% ?
>
> Orjust because someone want it without any rules ?
> What is the rules of
>
> https://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/pds/20_ntld.cf
> ?
>
> If there are no rules : i create a pull request and delete whole on it …
>
>
>
>
> Le 04/05/2021 à 07:17, jahlives@gmx.ch a écrit :
> > Hi Denis
> >
> >
> > On 5/3/21 10:15 AM, Denis Chenu wrote:
> >> And clearly : i never receive any spam fro .pro domain myself.
> >
> >
> > you said the right word: myself. It all depends on your millage.
> >
> > We get a lot of spams/non-coi a day from .pro domains. Sure .com sends
> > more spam but that might be due to fact that TLD .com has one or two
> > domains more than .pro ;-) And do not forget that it's not just the
> > senderdomain but also URI links in messages that uses .pro even they're
> > sent from different sender TLD.
> >
> > --
> > Cheers
> >
> > tobi
> >
> >
>
Re: My 10 years old domain have a bad TLD [ In reply to ]
> The score is derived from the combined corpus of our contributors to
> ensure minimal false positives of ham being detected as spam - that is,
> scoring 5.0 or more.
>

I don't feel I've done masscheck justice here. The routine is a lot more
complex than this! I should also note that masscheck tries its best to get
verified ham email to score as low as possible, for example.

Sometimes it's not possible to have good spam detection without a little
collateral - you should always need to have multiple rules, or
combinations, that tips you over the spam level.
Re: My 10 years old domain have a bad TLD [ In reply to ]
On Tue, May 04, 2021 at 08:31:02AM +0100, Paul Stead wrote:
>
> The score is derived from the combined corpus of our contributors to ensure
> minimal false positives of ham being detected as spam - that is, scoring 5.0 or
> more.
>
> I feel that [2]mail-tester.com creates the impression that you should have no
> matching "bad" rules, ever, which isn't true or how masscheck/SA works.

To be fair, we are very much lacking masscheckers to have a good view of
global mail.

If anyone has a decend mail flow, help is welcome. Even a few hundreds of
varied messages per month would help:

https://cwiki.apache.org/confluence/display/SPAMASSASSIN/NightlyMassCheck
Re: My 10 years old domain have a bad TLD [ In reply to ]
> To be fair, we are very much lacking masscheckers to have a good view of
> global mail.
>

Agreed!


> If anyone has a decend mail flow, help is welcome. Even a few hundreds of
> varied messages per month would help:
>
> https://cwiki.apache.org/confluence/display/SPAMASSASSIN/NightlyMassCheck
>

Join us! Help us!
Re: My 10 years old domain have a bad TLD [ In reply to ]
Le 04/05/2021 à 09:47, Paul Stead a écrit :
>
> To be fair, we are very much lacking masscheckers to have a good view of
> global mail.
>
>
> Agreed!
>
>
> If anyone has a decend mail flow, help is welcome.  Even a few
> hundreds of
> varied messages per month would help:
>
> https://cwiki.apache.org/confluence/display/SPAMASSASSIN/NightlyMassCheck
> <https://cwiki.apache.org/confluence/display/SPAMASSASSIN/NightlyMassCheck>
>
>
> Join us! Help us!

Thank you for all this great information !

I didn't receive a lot of mail, but i check how to helpe.

Denis
Re: My 10 years old domain have a bad TLD [ In reply to ]
On Tue, 2021-05-04 at 08:28 +0200, Denis Chenu wrote:
> Yes,
>
> You receive spam from pro and then all pro gTLD owner received a punishment.
>
> It's same for all gTLDS, like the old teachers who punish a whole school
> class.
>

You're right, but as someone who blocks .pro.... I don't care anymore.
I've wasted half my life fighting assholes who make money by wasting my
time. To a few decimal points, 100% of the mail we get from .pro
domains is spam. I don't care about right or wrong, I just want the
spam to stop, and blocking all of .pro is the easiest way to do that.
You can email postmaster@ to be whitelisted if you're legitimate.
Re: My 10 years old domain have a bad TLD [ In reply to ]
On Tue, 4 May 2021, Denis Chenu wrote:

> Yes,
>
> You receive spam from pro and then all pro gTLD owner received a punishment.

One whole point. Wooo.

You're badly overreacting to this. This rule is not a "poison pill", it
will not by itself put your mail over a threshold leading to it being
quarantined, rejected or discarded.


--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
The only solution for bad and violent people is
good people who are more skilled at violence. -- Samurai Bushido
-----------------------------------------------------------------------
4 days until the 76th anniversary of VE day
Re: My 10 years old domain have a bad TLD [ In reply to ]
Hi Dominic,


Le 03/05/2021 à 09:28, Dominic Raferd a écrit :

> I have another personal rule which adds +6 for 'unusual' domains -
> including .pro - so your chance of getting an email through to my users
> is zero (sorry), unless indirectly (e.g. via mailing list).
>
>

I have a question about this : you don't offer any way to postmaster of
«unusual» domain to contact you postmaster ?

I hope you send a SMTP error code to inform clean user you disallow them
to send email.

Denis
Re: My 10 years old domain have a bad TLD [ In reply to ]
On Wednesday 05 May 2021 at 12:15:41, Denis Chenu wrote:

> Hi Dominic,
>
> Le 03/05/2021 à 09:28, Dominic Raferd a écrit :
> > I have another personal rule which adds +6 for 'unusual' domains -
> > including .pro - so your chance of getting an email through to my users
> > is zero (sorry), unless indirectly (e.g. via mailing list).
>
> I have a question about this : you don't offer any way to postmaster of
> «unusual» domain to contact you postmaster ?
>
> I hope you send a SMTP error code to inform clean user you disallow them
> to send email.

Why not just send a private email and find out? You could even send it to the
postmaster address.


Antony.

--
Never write it in Perl if you can do it in Awk.
Never do it in Awk if sed can handle it.
Never use sed when tr can do the job.
Never invoke tr when cat is sufficient.
Avoid using cat whenever possible.

Please reply to the list;
please *don't* CC me.
Re: My 10 years old domain have a bad TLD [ In reply to ]
On 05/05/2021 11:23, Antony Stone wrote:
> On Wednesday 05 May 2021 at 12:15:41, Denis Chenu wrote:
>
>> Hi Dominic,
>>
>> Le 03/05/2021 à 09:28, Dominic Raferd a écrit :
>>> I have another personal rule which adds +6 for 'unusual' domains -
>>> including .pro - so your chance of getting an email through to my users
>>> is zero (sorry), unless indirectly (e.g. via mailing list).
>> I have a question about this : you don't offer any way to postmaster of
>> «unusual» domain to contact you postmaster ?
>>
>> I hope you send a SMTP error code to inform clean user you disallow them
>> to send email.
> Why not just send a private email and find out? You could even send it
to the
> postmaster address.

Good tip. In my case, whatever address you send it to it is likely to
end up in quarantine where someone (er, me) will review it. You won't be
automatically notified about this.

I have modified my local.cf so that TLDs that are already penalised by
__KAM_FUN1 are not further penalised.