Posted to users@spamassassin.apache.org by JK4 Soph <ju...@klunky.co.uk> on 2015/07/16 09:38:55 UTC

KAM.cf KAM_COUK

Morning everybody,

I noticed this rule scoring co.uk domains higher, and was wondering why
businesses in the UK with commercial UK domains are scored this way? 
Why don't we score .com in the same way?

	*  1.1 KAM_COUK Scoring .co.uk emails higher due to poor registry security.

I'll disable this rule because it scores my legitimate mail flow a
little higher, even if I've not seen a false positive, yet.

My KAM.cf is dated from the May 12th.

Kind regards. Sophie.


Re: KAM.cf KAM_COUK

Posted by RW <rw...@googlemail.com>.
On Thu, 16 Jul 2015 07:38:31 -0400
Kevin A. McGrail wrote:

> On 7/16/2015 7:35 AM, RW wrote:
> > On Thu, 16 Jul 2015 05:02:33 -0400
> > Kevin A. McGrail wrote:
> >
> >> the co.uk appeared in spam and appeared to have cruddy
> >> registration security allowing an influx of throwaway domains
> >> likely paid through fraudulent means, etc.
> >
> > Spammers can't buy .co.uk  domains directly from Nominet, they buy
> > them through the likes of eNom etc. Is there really any difference
> > to .com?
> > 
> there is in my corpora which may not be indicative of others,
> especially those in the UK.

I meant in terms of "cruddy registration security allowing an influx of
throwaway domains likely paid through fraudulent means, etc".  I
suspect it's mainly because of price, and perhaps the namespace is a
bit less mined-out.






Re: KAM.cf KAM_COUK

Posted by "Kevin A. McGrail" <KM...@PCCC.com>.
On 7/16/2015 7:35 AM, RW wrote:
> On Thu, 16 Jul 2015 05:02:33 -0400
> Kevin A. McGrail wrote:
>
>> the co.uk appeared in spam and appeared to have cruddy
>> registration security allowing an influx of throwaway domains likely
>> paid through fraudulent means, etc.
> Spammers can't buy .co.uk  domains directly from Nominet, they buy them
> through the likes of eNom etc. Is there really any difference to .com?
there is in my corpora which may not be indicative of others, especially 
those in the UK.

Regards,
KAM

Re: KAM.cf KAM_COUK

Posted by Reindl Harald <h....@thelounge.net>.
Am 16.07.2015 um 13:35 schrieb RW:
> On Thu, 16 Jul 2015 05:02:33 -0400
> Kevin A. McGrail wrote:
>
>> the co.uk appeared in spam and appeared to have cruddy
>> registration security allowing an influx of throwaway domains likely
>> paid through fraudulent means, etc.
>
> Spammers can't buy .co.uk  domains directly from Nominet, they buy them
> through the likes of eNom etc. Is there really any difference to .com?

no there isn't and the repeating "this tld" in case of non-gtl's is just 
annoying - .co.uk is the same as .com and the same applies for co.at 
where not so long ago people proposed to block the whole domain and i 
was accused "so why are you working for co.at" by not understanding the 
difference of a registry / registrar and a company


Re: KAM.cf KAM_COUK

Posted by RW <rw...@googlemail.com>.
On Thu, 16 Jul 2015 05:02:33 -0400
Kevin A. McGrail wrote:

> the co.uk appeared in spam and appeared to have cruddy 
> registration security allowing an influx of throwaway domains likely 
> paid through fraudulent means, etc.

Spammers can't buy .co.uk  domains directly from Nominet, they buy them
through the likes of eNom etc. Is there really any difference to .com? 

Re: KAM.cf KAM_COUK

Posted by RW <rw...@googlemail.com>.
On Thu, 16 Jul 2015 11:20:33 +0200
Benny Pedersen wrote:


> sorry if that was not clear from my writing in the first place :(
> 
> and i agree that co.uk is double tld, even if it same registra owned
> it's silly

We've already been through this. It dates back to before any internet
TLDs were registered,  when all private companies connecting to the
JANET network were allocated names under the UK.CO. hierarchy. The two
systems co-existed for many years, so it made sense that names could be
the same apart from case and endianness.  

What's so silly about that?

> the case in co.dk was also dropped, since no one would pay more for a
> dk domain


That wouldn't matter if it were not possible to buy .dk domains. Again
we've already been through this, direct .uk domains were not available
to the public before 2014. 

A lot of countries have official hierarchical domains. Some allow
domains directly on the ccTLD, some don't. Denmark is part of a cluster
of European countries that have flat cc domains, it is not
representative of the rest of the world.

Your particular reasons for penalizing .co.uk are irrational.


Re: KAM.cf KAM_COUK

Posted by Benny Pedersen <me...@junc.eu>.
Reindl Harald skrev den 2015-07-16 11:23:

> because that is not maintainable in real life when you have more than
> 2 mailusers?

i am a BOFH as well

rsync

Re: KAM.cf KAM_COUK

Posted by Reindl Harald <h....@thelounge.net>.
Am 16.07.2015 um 11:20 schrieb Benny Pedersen:
> Kevin A. McGrail skrev den 2015-07-16 11:02:
>
>>>> *  1.1 KAM_COUK Scoring .co.uk emails higher due to poor registry
>>>> security.
>
>> In the end, I'd recommend that you score the rule lower for your
>> personal needs or if you have it causing FPs where it scores over a
>> 5.0, let us know.
>
> admit it was me that did blacklist_uri_host co.uk # tld scoring
> and later said whitelist_uri_host example.co.uk # non spamming domain
>
> why did you not use that ?

because that is not maintainable in real life when you have more than 2 
mailusers?


Re: KAM.cf KAM_COUK

Posted by Benny Pedersen <me...@junc.eu>.
Kevin A. McGrail skrev den 2015-07-16 11:02:

>>> *  1.1 KAM_COUK Scoring .co.uk emails higher due to poor registry 
>>> security.

> In the end, I'd recommend that you score the rule lower for your
> personal needs or if you have it causing FPs where it scores over a
> 5.0, let us know.

admit it was me that did blacklist_uri_host co.uk # tld scoring
and later said whitelist_uri_host example.co.uk # non spamming domain

why did you not use that ?

my goal is not to create a new rule, but to neutralize score on non 
spamming domains

sorry if that was not clear from my writing in the first place :(

and i agree that co.uk is double tld, even if it same registra owned it's 
silly

the case in co.dk was also dropped, since no one would pay more for a dk 
domain

thanks for backup and that spamassassin is opensource :=)

Re: KAM.cf KAM_COUK

Posted by "Kevin A. McGrail" <KM...@PCCC.com>.
On 7/16/2015 3:45 AM, Axb wrote:
> On 16.07.2015 09:38, JK4 Soph wrote:
>> Morning everybody,
>>
>> I noticed this rule scoring co.uk domains higher, and was wondering why
>> businesses in the UK with commercial UK domains are scored this way?
>> Why don't we score .com in the same way?
>>
>>     *  1.1 KAM_COUK Scoring .co.uk emails higher due to poor registry 
>> security.
>>
>> I'll disable this rule because it scores my legitimate mail flow a
>> little higher, even if I've not seen a false positive, yet.
>>
>> My KAM.cf is dated from the May 12th.
>
> probably because the rule maintainer's local mailflow seldom sees 
> legit UK biz traffic and doesn't risk FPs?
>
Actually, we see a lot of UK traffic and don't consider a 1.1 score that 
high.  As mentioned in the description, at the time the rule was 
implemented, the co.uk appeared in spam and appeared to have cruddy 
registration security allowing an influx of throwaway domains likely 
paid through fraudulent means, etc.

In the end, I'd recommend that you score the rule lower for your 
personal needs or if you have it causing FPs where it scores over a 5.0, 
let us know.

regards,
KAM
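
One way to check the "scores over a 5.0" condition above against your own mail, as an added example (not code from this thread or from KAM.cf): it scans X-Spam-Status headers for messages that reached the required score only because of the rule's points. The sample headers, labels and function names are constructed; the 1.1 default is the score shown in the report line quoted in the thread.

```python
import re

# Constructed sample data (not from the thread): (label, raw X-Spam-Status header).
SAMPLE_HEADERS = [
    ("msg-1", "X-Spam-Status: Yes, score=5.6 required=5.0 tests=BAYES_50,HTML_MESSAGE,\n"
              "\tKAM_COUK autolearn=no version=3.4.1"),
    ("msg-2", "X-Spam-Status: Yes, score=9.3 required=5.0 tests=BAYES_99,KAM_COUK,\n"
              "\tURIBL_BLACK autolearn=no version=3.4.1"),
    ("msg-3", "X-Spam-Status: No, score=1.1 required=5.0 tests=KAM_COUK autolearn=no"),
    ("msg-4", "X-Spam-Status: Yes, score=5.2 required=5.0 tests=BAYES_80,HTML_MESSAGE"),
]

# score, required, and the tests list (which runs up to the next " key=" token).
STATUS_RE = re.compile(
    r"^X-Spam-Status:\s*(?:Yes|No),\s*score=(-?\d+(?:\.\d+)?)\s+"
    r"required=(-?\d+(?:\.\d+)?)\s+tests=(.*?)(?=\s+[a-z_]+=|$)",
    re.IGNORECASE,
)


def unfold(header):
    """Undo RFC 5322 folding: a line break followed by whitespace becomes one space."""
    return re.sub(r"\r?\n[ \t]+", " ", header).strip()


def tipped_by_rule(headers, rule="KAM_COUK", rule_score=1.1):
    """Return (label, score, required) for messages that hit `rule`, reached the
    required score, and would have stayed below it without the rule's points."""
    tipped = []
    for label, raw in headers:
        m = STATUS_RE.match(unfold(raw))
        if not m:
            continue  # header missing or in an unexpected layout
        score, required = float(m.group(1)), float(m.group(2))
        tests = {t.strip() for t in m.group(3).split(",") if t.strip()}
        # round() avoids float noise such as 6.1 - 1.1 landing just under 5.0
        without_rule = round(score - rule_score, 3)
        if rule in tests and score >= required and without_rule < required:
            tipped.append((label, score, required))
    return tipped


if __name__ == "__main__":
    # Each hit still needs a human check: it is an FP only if the message is ham.
    for label, score, required in tipped_by_rule(SAMPLE_HEADERS):
        print(f"{label}: score={score} required={required} (verdict depends on KAM_COUK)")
```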

Re: KAM.cf KAM_COUK

Posted by Axb <ax...@gmail.com>.
On 16.07.2015 09:38, JK4 Soph wrote:
> Morning everybody,
>
> I noticed this rule scoring co.uk domains higher, and was wondering why
> businesses in the UK with commercial UK domains are scored this way?
> Why don't we score .com in the same way?
>
> 	*  1.1 KAM_COUK Scoring .co.uk emails higher due to poor registry security.
>
> I'll disable this rule because it scores my legitimate mail flow a
> little higher, even if I've not seen a false positive, yet.
>
> My KAM.cf is dated from the May 12th.

probably because the rule maintainer's local mailflow seldom sees legit 
UK biz traffic and doesn't risk FPs?