You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by JK4 Soph <ju...@klunky.co.uk> on 2015/07/16 09:38:55 UTC
KAM.cf KAM_COUK
Morning everybody,
I noticed this rule scoring co.uk domains higher, and was wondering why
businesses in the UK with commercial UK domains are scored this way?
Why don't we score .com in the same way?
* 1.1 KAM_COUK Scoring .co.uk emails higher due to poor registry security.
I'll disaemable this rule because it scores my legitimate il flow a
little higher, even if I;ve not seen a false positive, yet.
My KAM.cf is dated from the May 12th.
Kind regards. Sophie.
Re: KAM.cf KAM_COUK
Posted by RW <rw...@googlemail.com>.
On Thu, 16 Jul 2015 07:38:31 -0400
Kevin A. McGrail wrote:
> On 7/16/2015 7:35 AM, RW wrote:
> > On Thu, 16 Jul 2015 05:02:33 -0400
> > Kevin A. McGrail wrote:
> >
> >> the co.uk appeared in spam and appeared to have cruddy
> >> registration security allowing an influx of throwaway domains
> >> likely paid through fraudulent means, etc.
> >
> > Spammers can't buy .co.uk domains directly from Nominet, they buy
> > them through the likes of eNom etc. Is there really any difference
> > to .com?
> >
> there is in my corpora which may not be indicative of others,
> especially those in the UK.
I meant in terms of "cruddy registration security allowing an influx of
throwaway domains likely paid through fraudulent means, etc". I
suspect it's mainly because of price, and perhaps the namespace is a
bit less mined-out.
Re: KAM.cf KAM_COUK
Posted by "Kevin A. McGrail" <KM...@PCCC.com>.
On 7/16/2015 7:35 AM, RW wrote:
> On Thu, 16 Jul 2015 05:02:33 -0400
> Kevin A. McGrail wrote:
>
>> the co.uk appeared in spam and appeared to have cruddy
>> registration security allowing an influx of throwaway domains likely
>> paid through fraudulent means, etc.
> Spammers can't buy .co.uk domains directly from Nominet, they buy them
> through the likes of eNom etc. Is there really any difference to .com?
there is in my corpora which may not be indicative of others, especially
those in the UK.
Regards,
KAM
Re: KAM.cf KAM_COUK
Posted by Reindl Harald <h....@thelounge.net>.
Am 16.07.2015 um 13:35 schrieb RW:
> On Thu, 16 Jul 2015 05:02:33 -0400
> Kevin A. McGrail wrote:
>
>> the co.uk appeared in spam and appeared to have cruddy
>> registration security allowing an influx of throwaway domains likely
>> paid through fraudulent means, etc.
>
> Spammers can't buy .co.uk domains directly from Nominet, they buy them
> through the likes of eNom etc. Is there really any difference to .com?
no there isn't and the repeating "this tld" in case of non-gtl's is just
annoying - .co.uk is the same as .com and the same applies for co.at
where not so long ago people proposed to block the whole domain and i
was accused "so why are you working for co.at" by not undertstanding the
difference of a registry / registrar and a company
Re: KAM.cf KAM_COUK
Posted by RW <rw...@googlemail.com>.
On Thu, 16 Jul 2015 05:02:33 -0400
Kevin A. McGrail wrote:
> the co.uk appeared in spam and appeared to have cruddy
> registration security allowing an influx of throwaway domains likely
> paid through fraudulent means, etc.
Spammers can't buy .co.uk domains directly from Nominet, they buy them
through the likes of eNom etc. Is there really any difference to .com?
Re: KAM.cf KAM_COUK
Posted by RW <rw...@googlemail.com>.
On Thu, 16 Jul 2015 11:20:33 +0200
Benny Pedersen wrote:
> sorry if that was not clear from my writing in the first place :(
>
> and i agre that co.uk is double tld, even if it same registra owned
> its silly
We've already been through this. It dates back to before any internet
TLDs were registered, when all private companies connecting to the
JANET network were allocated names under the UK.CO. hierarchy. The two
systems co-existed for many years, so it made sense that names could be
the same apart from case and endianess.
What's so silly about that?
> the case in co.dk was also dropped, since no one would pay more for a
> dk domain
That wouldn't matter if it were not possible to buy .dk domains. Again
we've already been though this, direct .uk domains were not available
to the public before 2014.
A lot of countries have official hierarchical domains. Some allow
domains directly on the ccTLD, some don't. Denmark is part of a cluster
of European countries that have flat cc domains, it is not
representative of the rest of the world.
Your particular reasons for penalizing .co.uk are irrational.
Re: KAM.cf KAM_COUK
Posted by Benny Pedersen <me...@junc.eu>.
Reindl Harald skrev den 2015-07-16 11:23:
> because that is not maintainable in real life when you have more than
> 2 mailusers?
i am a BOFH aswell
rsync
Re: KAM.cf KAM_COUK
Posted by Reindl Harald <h....@thelounge.net>.
Am 16.07.2015 um 11:20 schrieb Benny Pedersen:
> Kevin A. McGrail skrev den 2015-07-16 11:02:
>
>>>> * 1.1 KAM_COUK Scoring .co.uk emails higher due to poor registry
>>>> security.
>
>> In the end, I'd recommend that you score the rule lower for your
>> personal needs or if you have it causing FPs where it scores over a
>> 5.0, let us know.
>
> admit it was me that did blacklist_uri_host co.uk # tld scoreing
> and later sayed whitelist_uri_host example.co.uk ¤ non spamming domain
>
> why did you not use that ?
because that is not maintainable in real life when you have more than 2
mailusers?
Re: KAM.cf KAM_COUK
Posted by Benny Pedersen <me...@junc.eu>.
Kevin A. McGrail skrev den 2015-07-16 11:02:
>>> * 1.1 KAM_COUK Scoring .co.uk emails higher due to poor registry
>>> security.
> In the end, I'd recommend that you score the rule lower for your
> personal needs or if you have it causing FPs where it scores over a
> 5.0, let us know.
admit it was me that did blacklist_uri_host co.uk # tld scoreing
and later sayed whitelist_uri_host example.co.uk ¤ non spamming domain
why did you not use that ?
my gold is not to create a new rule, but to meotralize score on non
spamming domains
sorry if that was not clear from my writing in the first place :(
and i agre that co.uk is double tld, even if it same registra owned its
silly
the case in co.dk was also dropped, since no one would pay more for a dk
domain
thanks for backup and that spamassassin is opensource :=)
Re: KAM.cf KAM_COUK
Posted by "Kevin A. McGrail" <KM...@PCCC.com>.
On 7/16/2015 3:45 AM, Axb wrote:
> On 16.07.2015 09:38, JK4 Soph wrote:
>> Morning everybody,
>>
>> I noticed this rule scoring co.uk domains higher, and was wondering why
>> businesses in the UK with commercial UK domains are scored this way?
>> Why don't we score .com in the same way?
>>
>> * 1.1 KAM_COUK Scoring .co.uk emails higher due to poor registry
>> security.
>>
>> I'll disaemable this rule because it scores my legitimate il flow a
>> little higher, even if I;ve not seen a false positive, yet.
>>
>> My KAM.cf is dated from the May 12th.
>
> probably because the rule maintainer's local mailflow seldom sees
> legit UK biz traffic and doesn't risk FPs?
>
Actually, we see a lot of UK traffic and don't consider a 1.1 score that
high. As mentioned in the description, at the time the rule was
implemented, the co.uk appeared in spam and appeared to have cruddy
registration security allowing an influx of throwaway domains likely
paid through fraudulent means, etc.
In the end, I'd recommend that you score the rule lower for your
personal needs or if you have it causing FPs where it scores over a 5.0,
let us know.
regards,
KAM
Re: KAM.cf KAM_COUK
Posted by Axb <ax...@gmail.com>.
On 16.07.2015 09:38, JK4 Soph wrote:
> Morning everybody,
>
> I noticed this rule scoring co.uk domains higher, and was wondering why
> businesses in the UK with commercial UK domains are scored this way?
> Why don't we score .com in the same way?
>
> * 1.1 KAM_COUK Scoring .co.uk emails higher due to poor registry security.
>
> I'll disaemable this rule because it scores my legitimate il flow a
> little higher, even if I;ve not seen a false positive, yet.
>
> My KAM.cf is dated from the May 12th.
probably because the rule maintainer's local mailflow seldom sees legit
UK biz traffic and doesn't risk FPs?