09-29-2016 04:35 AM
Ironport C100V, 9.7.2-047
Today a flood of spam made it past this ESA all with one commonality... The sender's domain was .top.
What is this new domain called .top? Did it just become available, hence the spam?
Anyone else seeing this?
I added a regex in our blocked senders dictionary which is tested against in an incoming content rule, so hopefully this stops it. But what have you guys seen out there?
09-29-2016 10:32 AM
Hi Keith,
Domains with .top are usually private domains available for purchase. These could very well be used by spammers, however no such instance was brought to our notice.
Domains with .top are listed as most abused top level domains on spamhaus as well.
https://www.spamhaus.org/statistics/tlds/
For all spam emails the process would remain the same, please submit the original email sample with headers intact to spam@access.ironport.com.
Using a custom filter to block the domain entirely would also help if you do not receive legitimate emails from such domains.
Cisco spam submission and tracking portal went live last week, below is a FAQ for the same.
https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/200648-ESA-FAQ-How-to-work-with-Cisco-Email-Su.html
Thanks
Libin
09-30-2016 12:16 AM
Was going to post the Spamhaus link but Libin has beaten me to it :-)
As soon as one of those goes anywhere near 50% or appears on my own radar, I do diligence then block the whole TLD, hosts and senders. Currently on my own Junk TLD list:
Hmm, looks like .trade might become a problem too...
Now this might work for my own network and I can afford to take a fairly robust attitude to any genuine senders who sign up to a blatantly stupid idea, but to repeat do perform your own checks before slamming any of these domains. That also means having mechanisms in place to detect and respond to any necessary exceptions.
09-29-2016 01:44 PM
We have seen spam from .top as well.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide