[Rspamd-Users] RBLs for domain registrations in past 24 hours
Sophie Loewenthal
sophie at klunky.co.uk
Tue Apr 28 16:18:12 UTC 2020
Hi,
Does rspamd query RBLs that monitor new domain registrations, in turn adding points to those registered in the past 24 hours? I know an RBL exists, but for the life of me neither I nor Google can recall its name.
For example, today I had a rather well-designed phishing email purportedly from Amazon, but it scored 2.39 points.
A whois lookup on the domain sahjsj3dsgdshf.website gives 28th April 2020, which was this morning:
Domain Name: SAHJSJ3DSGDSHF.WEBSITE
Registry Domain ID: D184573649-CNIC
Registrar WHOIS Server: whois.godaddy.com
Updated Date: 2020-04-28T12:09:40.0Z
Creation Date: 2020-04-28T12:09:38.0Z
Registry Expiry Date: 2021-04-28T23:59:59.0Z
X-Spamd-Result: default: False [2.39 / 22.00];
R_SPF_ALLOW(-0.20)[+ip4:167.89.0.0/17];
ARC_SIGNED(0.00)[i=1];
MIME_BASE64_TEXT_BOGUS(1.00)[];
URI_COUNT_ODD(1.00)[1];
TO_DN_ALL(0.00)[];
DKIM_TRACE(0.00)[sahjsj3dsgdshf.website:+];
MIME_BASE64_TEXT(0.10)[];
MX_GOOD(-0.01)[];
FORGED_SENDER(0.30)[Security at SAHJSJ3DSGDSHF.WEBSITE,bounces at em2588.sahjsj3dsgdshf.website];
MIME_TRACE(0.00)[0:+,1:+,2:~];
RCVD_TLS_LAST(0.00)[];
ASN(0.00)[asn:11377, ipnet:167.89.96.0/20, country:US];
TAGGED_FROM(0.00)[15758394-9284-sophie=example.co.uk];
FROM_NEQ_ENVFROM(0.00)[Security at SAHJSJ3DSGDSHF.WEBSITE,bounces at em2588.sahjsj3dsgdshf.website];
HAS_DATA_URI(0.00)[];
ARC_NA(0.00)[];
R_DKIM_ALLOW(-0.20)[sahjsj3dsgdshf.website:s=s1];
FROM_HAS_DN(0.00)[];
TO_MATCH_ENVRCPT_ALL(0.00)[];
MIME_GOOD(-0.10)[multipart/alternative,text/plain];
PREVIOUSLY_DELIVERED(0.00)[anon at example.co.uk];
DMARC_NA(0.00)[SAHJSJ3DSGDSHF.WEBSITE];
SENDER_REP_HAM(0.00)[asn: 11377(-0.18), country: US(-0.01), ip: 167.89.100.250(0.00)];
RCPT_COUNT_ONE(0.00)[1];
RCVD_IN_DNSWL_NONE(0.00)[167.89.100.250:from];
RWL_MAILSPIKE_POSSIBLE(0.00)[167.89.100.250:from];
MID_RHS_NOT_FQDN(0.50)[];
RCVD_COUNT_TWO(0.00)[2]
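
Added example, not part of the message above and not Rspamd code: an offline Python check that takes the DKIM signing domain from the X-Spamd-Result symbols and the Creation Date from the WHOIS output quoted in the post, then decides whether the domain was registered inside a 24-hour window. The function names are hypothetical, and the list post's timestamp is assumed to stand in for the delivery time.

```python
import re
from datetime import datetime, timedelta, timezone

# Excerpts copied from the post above.
WHOIS_TEXT = """Domain Name: SAHJSJ3DSGDSHF.WEBSITE
Updated Date: 2020-04-28T12:09:40.0Z
Creation Date: 2020-04-28T12:09:38.0Z
Registry Expiry Date: 2021-04-28T23:59:59.0Z"""
SPAMD_RESULT = """DKIM_TRACE(0.00)[sahjsj3dsgdshf.website:+];
R_DKIM_ALLOW(-0.20)[sahjsj3dsgdshf.website:s=s1];
DMARC_NA(0.00)[SAHJSJ3DSGDSHF.WEBSITE];"""
# Assumption: the list post's timestamp stands in for the delivery time.
SEEN_AT = datetime(2020, 4, 28, 16, 18, 12, tzinfo=timezone.utc)

# Fractional seconds and the trailing "Z" are dropped; the value is read as UTC.
CREATED_RE = re.compile(
    r"^\s*Creation Date:\s*(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})", re.I | re.M)
DKIM_RE = re.compile(r"\b(?:DKIM_TRACE|R_DKIM_ALLOW)\([^)]*\)\[([^:\]\s]+):")

def dkim_domains(spamd_result):
    """Signing domains reported by the DKIM symbols, lower-cased."""
    return {d.lower() for d in DKIM_RE.findall(spamd_result)}

def creation_date(whois_text):
    """UTC creation time from WHOIS output, or None if the field is absent."""
    m = CREATED_RE.search(whois_text)
    if not m:
        return None
    parsed = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
    return parsed.replace(tzinfo=timezone.utc)

def domain_age(whois_text, seen_at):
    """Time between registration and seen_at, or None if unknown."""
    created = creation_date(whois_text)
    return None if created is None else seen_at - created

def is_newly_registered(whois_text, seen_at, window=timedelta(hours=24)):
    """True/False when the age is known, None when WHOIS has no creation date.
    A negative age (clock skew) still counts as newly registered."""
    age = domain_age(whois_text, seen_at)
    return None if age is None else age < window

if __name__ == "__main__":
    for domain in sorted(dkim_domains(SPAMD_RESULT)):
        print(domain, domain_age(WHOIS_TEXT, SEEN_AT),
              is_newly_registered(WHOIS_TEXT, SEEN_AT))
```

A None result means the age is unknown rather than old, since WHOIS field names and formats vary between registries.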