Spam from very new .US domains?

DISCLAIMER: I am *NOT* our email admin, but there are patterns in our spam that make me think they should be easily detectable/score-worthy.

The recent flood of spam that's passed our filtering is largely from the .us domain AND from domains that are less than an hour old.  When you're using blacklist methods to filter, these are probably not going to be stopped as they haven't been around long enough to be in anyone's lists.

Is there a method in PM for checking domain age and adding that to the scoring?  Maybe a DOMAIN_IN_DIAPERS score or something along those lines?

Just curious.  Thanks!

andrew.
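One way to implement the domain-age check the question asks about, as an added example that is not from this thread or from any Sophos product: a small Python scoring hook that reads the registration date out of an RDAP-style record and adds a score when the domain is very new. The record, the age tiers and the scores are constructed assumptions, not real lookup data.

```python
import json
from datetime import datetime, timedelta

# Constructed RDAP-style record for a hypothetical sender domain.
# This is not a real lookup result; the name is a placeholder.
SAMPLE_RDAP = json.dumps({
    "ldhName": "example-new-sender.us",
    "events": [
        {"eventAction": "registration", "eventDate": "2014-03-03T09:12:00Z"},
        {"eventAction": "last changed", "eventDate": "2014-03-03T09:15:00Z"},
    ],
})

# Age tiers (assumed values): a domain younger than the threshold
# earns the listed score. Only the first matching tier applies.
AGE_TIERS = [
    (timedelta(hours=1), 4.0),   # registered within the last hour
    (timedelta(days=1), 2.5),
    (timedelta(days=7), 1.0),
]


def parse_timestamp(stamp: str) -> datetime:
    """Parse an RDAP/ISO-8601 UTC timestamp such as 2014-03-03T09:12:00Z."""
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))


def registration_time(rdap_json: str):
    """Return the registration timestamp from an RDAP record, or None."""
    record = json.loads(rdap_json)
    for event in record.get("events", []):
        if event.get("eventAction") == "registration" and "eventDate" in event:
            return parse_timestamp(event["eventDate"])
    return None


def domain_age_score(rdap_json: str, now_iso: str) -> float:
    """Extra spam score for a very new domain; 0.0 if old, unknown or in the future."""
    registered = registration_time(rdap_json)
    now = parse_timestamp(now_iso)
    if registered is None or registered > now:
        return 0.0   # unknown age or clock skew: do not penalise
    age = now - registered
    for threshold, score in AGE_TIERS:
        if age < threshold:
            return score
    return 0.0
```

A production filter would cache lookups per domain and treat lookup failures as score 0.0, so that an RDAP outage never blocks legitimate mail.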


  • Hi, Andrew, and welcome to the User BB!

    I agree that this is a new type of attack.  Whenever I see one of those, I send an abuse report to the registrar of the domain.  I think I've been responsible for 14 domain name suspensions in the last week. [;)]

    But the best would be a Feature Suggestion.  If you add one, I'll move a vote to it.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • That will be a difficult attack to eliminate -- however, give greylisting a try -- I've found that to wipe out most offending spam traffic that somehow gets past every other test.

    As far as really detecting spam from these new domains, it's something CommTouch (now Cyren) will have to figure out, as they are the key supplier of the cloud anti-spam detection system that the UTM uses.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.