Hacker News new | ask | show | jobs
by ISL 1737 days ago
Whoa. I use an xyz domain daily. This thread is eye-opening. Here's the reply from a SpamAssassin validator.

My domain is almost marked as spam solely on TLD grounds. What's the point of a TLD if it isn't a first-party domain on the internet?

  SpamAssassin Score: -0.599
  Message is NOT marked as spam
  Points breakdown: 
  -5.0 RCVD_IN_DNSWL_HI       RBL: Sender listed at https://www.dnswl.org/,
                              high trust
                              [***.***.***.*** listed in list.dnswl.org]
   0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was
                              blocked.  See
                              http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                               for more information.
                              [URIs: ***.xyz]
  -0.0 RCVD_IN_MSPIKE_H2      RBL: Average reputation (+2)
                              [***.***.***.*** listed in wl.mailspike.net]
   0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
   2.0 PDS_OTHER_BAD_TLD      Untrustworthy TLDs
                              [URI: ***.xyz (xyz)]
   0.0 HTML_MESSAGE           BODY: HTML included in message
   0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily
                              valid
  -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from
                              author's domain
  -0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
   2.0 FROM_SUSPICIOUS_NTLD_FP From abused NTLD
   0.5 FROM_SUSPICIOUS_NTLD   From abused NTLD
   0.0 TVD_SPACE_RATIO        No description available.
3 comments
psutor 1737 days ago
I host my own email, and I got nothing but huge amounts of spam from .xyz domains, so I manually increased the SpamAssassin score for just .xyz to +4.0, as KAM was only adding 0.75 for it. It's the only TLD I've had to do that for.

Unfortunately for the people with legitimate uses, for email admins it's just a really easy (and arguably necessary) shortcut to block a ton of spam.

link
ISL 1737 days ago
Alas, I will never be able to email you :).
link
SilverRed 1737 days ago
I think the problem is that xyz was and maybe still is the cheapest TLD so it naturally attracts all the spammers.
link
tim333 1736 days ago
There are free ones like .gq . They are probably worse!
link
eythian 1737 days ago
On my personal mail server I have an SA rule that gives .xyz a high score (like a +5 or so) because a while back I was getting a huge amount of spam coming in from senders/URLs using domains of it. I haven't revisited that rule in a long time, and suspect it's not unlikely that others have done similar things.
link