Mailing List Archive

Untrustworthy TLDs and KAM
Hi,

Four points for a .online TLD with KAM rules

* 2.0 PDS_OTHER_BAD_TLD Untrustworthy TLDs
* [URI: www.lci-mtc.online (online)]

* 2.0 KAM_SOMETLD_ARE_BAD_TLD .bar, .buzz, .cam, .casa, .cfd, .club,
* .date, .guru, .live, .online, .press, .pw, .quest, .rest, .sbs,
* .shop, .stream, .top, .trade, .work, .xyz TLD abuse

$ spamassassin --version
SpamAssassin version 4.0.0-r1898781
running on Perl version 5.34.1
Re: Untrustworthy TLDs and KAM [ In reply to ]
Did it cause a fp with a score of 5.0 or higher?

On Sun, May 1, 2022, 21:46 Alex <mysqlstudent@gmail.com> wrote:

> Hi,
>
> Four points for a .online TLD with KAM rules
>
> * 2.0 PDS_OTHER_BAD_TLD Untrustworthy TLDs
> * [URI: www.lci-mtc.online (online)]
>
> * 2.0 KAM_SOMETLD_ARE_BAD_TLD .bar, .buzz, .cam, .casa, .cfd, .club,
> * .date, .guru, .live, .online, .press, .pw, .quest, .rest, .sbs,
> * .shop, .stream, .top, .trade, .work, .xyz TLD abuse
>
> $ spamassassin --version
> SpamAssassin version 4.0.0-r1898781
> running on Perl version 5.34.1
>
Re: Untrustworthy TLDs and KAM [ In reply to ]
.online will be a problem for us, a quick grep of 2 mail servers shows a
good few FPs, also doubling up seems counter productive, but add those
with pother rules and it easily triggers limits

On 02/05/2022 11:47, Kevin A. McGrail wrote:

> Did it cause a fp with a score of 5.0 or higher?
>
> On Sun, May 1, 2022, 21:46 Alex <mysqlstudent@gmail.com> wrote:
>
>> Hi,
>>
>> Four points for a .online TLD with KAM rules
>>
>> * 2.0 PDS_OTHER_BAD_TLD Untrustworthy TLDs
>> * [URI: www.lci-mtc.online (online)]
>>
>> * 2.0 KAM_SOMETLD_ARE_BAD_TLD .bar, .buzz, .cam, .casa, .cfd, .club,
>> * .date, .guru, .live, .online, .press, .pw, .quest, .rest, .sbs,
>> * .shop, .stream, .top, .trade, .work, .xyz TLD abuse
>>
>> $ spamassassin --version
>> SpamAssassin version 4.0.0-r1898781
>> running on Perl version 5.34.1

--
Regards,
Noel Butler

This Email, including attachments, may contain legally privileged
information, therefore at all times remains confidential and subject to
copyright protected under international law. You may not disseminate
this message without the authors express written authority to do so.
If you are not the intended recipient, please notify the sender then
delete all copies of this message including attachments immediately.
Confidentiality, copyright, and legal privilege are not waived or lost
by reason of the mistaken delivery of this message.
Re: Untrustworthy TLDs and KAM [ In reply to ]
Feel free to submit fps for review.

On Sun, May 1, 2022, 21:56 Noel Butler <noel.butler@ausics.net> wrote:

> .online will be a problem for us, a quick grep of 2 mail servers shows a
> good few FPs, also doubling up seems counter productive, but add those with
> pother rules and it easily triggers limits
>
>
> On 02/05/2022 11:47, Kevin A. McGrail wrote:
>
> Did it cause a fp with a score of 5.0 or higher?
>
> On Sun, May 1, 2022, 21:46 Alex <mysqlstudent@gmail.com> wrote:
>
> Hi,
>
> Four points for a .online TLD with KAM rules
>
> * 2.0 PDS_OTHER_BAD_TLD Untrustworthy TLDs
> * [URI: www.lci-mtc.online (online)]
>
> * 2.0 KAM_SOMETLD_ARE_BAD_TLD .bar, .buzz, .cam, .casa, .cfd, .club,
> * .date, .guru, .live, .online, .press, .pw, .quest, .rest, .sbs,
> * .shop, .stream, .top, .trade, .work, .xyz TLD abuse
>
> $ spamassassin --version
> SpamAssassin version 4.0.0-r1898781
> running on Perl version 5.34.1
>
>
> --
>
> Regards,
> Noel Butler
>
> This Email, including attachments, may contain legally privileged
> information, therefore at all times remains confidential and subject to
> copyright protected under international law. You may not disseminate this
> message without the authors express written authority to do so. If you
> are not the intended recipient, please notify the sender then delete all
> copies of this message including attachments immediately. Confidentiality,
> copyright, and legal privilege are not waived or lost by reason of the
> mistaken delivery of this message.
>
>
>
Re: Untrustworthy TLDs and KAM [ In reply to ]
I've dropped both the scores substantially so if it triggers as spam
there must be other noticeable nastiness.

(There's a reason we've never submitted fp's for review, Australia has
very strong privacy laws, not quite as strong as Germany, but close to
it, we have to have users submit them directly, and history shows they
don't, so I just drop the scores for obvious over-reach and move on, I
made the comment just to advise the OP is not the only one seeing it)

Cheers

On 02/05/2022 12:14, Kevin A. McGrail wrote:

> Feel free to submit fps for review.
>
> On Sun, May 1, 2022, 21:56 Noel Butler <noel.butler@ausics.net> wrote:
>
> .online will be a problem for us, a quick grep of 2 mail servers shows
> a good few FPs, also doubling up seems counter productive, but add
> those with pother rules and it easily triggers limits
>
> On 02/05/2022 11:47, Kevin A. McGrail wrote:
>
> Did it cause a fp with a score of 5.0 or higher?
>
> On Sun, May 1, 2022, 21:46 Alex <mysqlstudent@gmail.com> wrote: Hi,
>
> Four points for a .online TLD with KAM rules
>
> * 2.0 PDS_OTHER_BAD_TLD Untrustworthy TLDs
> * [URI: www.lci-mtc.online (online)]
>
> * 2.0 KAM_SOMETLD_ARE_BAD_TLD .bar, .buzz, .cam, .casa, .cfd, .club,
> * .date, .guru, .live, .online, .press, .pw, .quest, .rest, .sbs,
> * .shop, .stream, .top, .trade, .work, .xyz TLD abuse
>
> $ spamassassin --version
> SpamAssassin version 4.0.0-r1898781
> running on Perl version 5.34.1

--
Regards,
Noel Butler

This Email, including attachments, may contain legally privileged
information, therefore at all times remains confidential and subject to
copyright protected under international law. You may not disseminate
this message without the authors express written authority to do so.
If you are not the intended recipient, please notify the sender then
delete all copies of this message including attachments immediately.
Confidentiality, copyright, and legal privilege are not waived or lost
by reason of the mistaken delivery of this message.

--
Regards,
Noel Butler

This Email, including attachments, may contain legally privileged
information, therefore at all times remains confidential and subject to
copyright protected under international law. You may not disseminate
this message without the authors express written authority to do so.
If you are not the intended recipient, please notify the sender then
delete all copies of this message including attachments immediately.
Confidentiality, copyright, and legal privilege are not waived or lost
by reason of the mistaken delivery of this message.
Re: Untrustworthy TLDs and KAM [ In reply to ]
On Sun, May 1, 2022 at 9:47 PM Kevin A. McGrail <kmcgrail@apache.org> wrote:
>
> Did it cause a fp with a score of 5.0 or higher?

Yes.

https://pastebin.com/AqezMHjQ

Thanks!
Re: Untrustworthy TLDs and KAM [ In reply to ]
Thanks Alex, definitely looks like a local score adjustment is best.   I
would adjust the KAM rule score for the domains, possingly the PDS
version as well, and your DKIMWL scores lower. In combination, they are
definitely too weighty.

Regards,

KAM

On 5/1/2022 10:42 PM, Alex wrote:
> On Sun, May 1, 2022 at 9:47 PM Kevin A. McGrail <kmcgrail@apache.org> wrote:
>> Did it cause a fp with a score of 5.0 or higher?
> Yes.
>
> https://pastebin.com/AqezMHjQ
>
> Thanks!

--
Kevin A. McGrail
KMcGrail@Apache.org

Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171
Re: Untrustworthy TLDs and KAM [ In reply to ]
On 2022-05-02 15:51, Kevin A. McGrail wrote:
> Thanks Alex, definitely looks like a local score adjustment is best.  
> I would adjust the KAM rule score for the domains, possingly the PDS
> version as well, and your DKIMWL scores lower. In combination, they
> are definitely too weighty.

so why is kam channel not being masschecked with rules scores just like
spamassassin channel is ?
Re: Untrustworthy TLDs and KAM [ In reply to ]
On Sun, May 01, 2022 at 09:45:38PM -0400, Alex wrote:
> Hi,
>
> Four points for a .online TLD with KAM rules
>
> * 2.0 PDS_OTHER_BAD_TLD Untrustworthy TLDs
> * [URI: www.lci-mtc.online (online)]
>
> * 2.0 KAM_SOMETLD_ARE_BAD_TLD .bar, .buzz, .cam, .casa, .cfd, .club,
> * .date, .guru, .live, .online, .press, .pw, .quest, .rest, .sbs,
> * .shop, .stream, .top, .trade, .work, .xyz TLD abuse
>
> $ spamassassin --version
> SpamAssassin version 4.0.0-r1898781
> running on Perl version 5.34.1

General FYI, sa-update from trunk/4.0.0 also has these options:

--score-multiplier x.x Adjust all scores from update channel, multiply
with given value (integer or float).
--score-limit x.x Adjust all scores from update channel, limit
to given value (integer or float). Limiting
is done after possible multiply operation.

Developed specially for KAM scoring. ;-)
Re: Untrustworthy TLDs and KAM [ In reply to ]
Love it! Thanks Henrik.
--
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171


On Mon, May 2, 2022 at 12:31 PM Henrik K <hege@hege.li> wrote:

> On Sun, May 01, 2022 at 09:45:38PM -0400, Alex wrote:
> > Hi,
> >
> > Four points for a .online TLD with KAM rules
> >
> > * 2.0 PDS_OTHER_BAD_TLD Untrustworthy TLDs
> > * [URI: www.lci-mtc.online (online)]
> >
> > * 2.0 KAM_SOMETLD_ARE_BAD_TLD .bar, .buzz, .cam, .casa, .cfd, .club,
> > * .date, .guru, .live, .online, .press, .pw, .quest, .rest, .sbs,
> > * .shop, .stream, .top, .trade, .work, .xyz TLD abuse
> >
> > $ spamassassin --version
> > SpamAssassin version 4.0.0-r1898781
> > running on Perl version 5.34.1
>
> General FYI, sa-update from trunk/4.0.0 also has these options:
>
> --score-multiplier x.x Adjust all scores from update channel,
> multiply
> with given value (integer or float).
> --score-limit x.x Adjust all scores from update channel, limit
> to given value (integer or float). Limiting
> is done after possible multiply operation.
>
> Developed specially for KAM scoring. ;-)
>
>