[SOLVED] KAM_SOMETLD_ARE_BAD_TLD

keeka

Active Member
Dec 8, 2019
199
24
38
I've a few emails that score with:
Code:
KAM_SOMETLD_ARE_BAD_TLD      5 .bar, .beauty, .buzz, .cam, .casa, .cfd, .club, .date, .guru, .link, .live, .online, .press, .pw, .quest, .rest, .sbs, .shop, .stream, .top, .trade, .work, .xyz TLD abuse
However I don't see where the emails concerned match this rule. The only TLDs present in the headers as far as I can see are .co.uk and .net.

The only SA customisation I have are:
KAM_COUK 0 (I'm in UK)
RDNS_NONE 0 (Since I use fetchmail)

I was going to whitelist the sender domains concerned but would also like to understand what happens WRT this SA rule.
What email headers content is used to trigger KAM_SOMETLD_ARE_BAD_TLD and is the above TLD list the only ones used to match for this rule?

Many thanks.
 
For some foolish reason I was only looking at the headers for a TLD. I found the culprit in the message body.
 
The SpamAssassin rule "KAM_SOMETLD_ARE_BAD_TLD" is designed to identify emails that contain links with specific top-level domains (TLDs) associated with potential abuse or spam. The list of TLDs you provided (.bar, .beauty, .buzz, etc.) are considered by this rule as indicative of potential abuse.
 
So, the author of this rule believes it would be a good idea to block content (which a rating of 5 constitutes) based on one single criteria.
Think again, because it's not - one might not even cite one such a URL to ask someone for support.
After 30 years of spam prevention people still don't get it.
Also blocking TLDs is a bad idea as history teaches us. For sure new TLDs attract spammers and scammers but soon enough legit organisations are going to use them for the same reasons: because they can register a free domain for themselves.
So, obviously you might /perhaps/ use them as a /hint/ for some /limited/ time but you /have/ to consider the usual other criteria as well.
And if you do it thoroughly you even might skip the TLD part - because obviously we can filter spam containing .com URLs - right?

From that perspective KAM_SOMETLD_ARE_BAD_TLD is just BS.

I'm writing this because today I had to recover some complete legitimate business emails whose only "fault" was to contain one such url.

Thank you so much.
 
  • Like
Reactions: benka and SamFredo
In my case, the emails concerned were spam. I was just looking to understand things a bit better.
In your case, you might want to reduce the score (possibly zero) for `KAM_SOMETLD_ARE_BAD_TLD`.
 
I don't doubt that. Question is: was KAM_SOMETLD_ARE_BAD_TLD the only rule to have cought that mail?
I just took a look around my mail logs and found hit scores from 17..19 for mails which hit KAM_SOMETLD_ARE_BAD_TLD.
So obviously they would have been recognized as spam even without KAM_SOMETLD_ARE_BAD_TLD.
 
  • Like
Reactions: SamFredo
I guess if 'legit' email is scoring 17-19, then whitelisting may be a better approach than tweaking spam rules. I have had some email that I considered not to be spam. However they were so spammy in their style and formatting, I think any content based spam filter would look unkindly on them. Without additional intelligence, such as data mining used in gmail's spam filter, I imagine it's impossible to get a 100% best fit out of the box.
 
Please don't put words in my mouth. The mails scoring 17..19 were indeed spam. They were identified as such even without KAM_SOMETLD_ARE_BAD_TLD. Which hints to KAM_SOMETLD_ARE_BAD_TLD being not necessary.

My point is: KAM_SOMETLD_ARE_BAD_TLD is faulty by design and not even helpful.
 
I agree with the idea that the rule KAM_SOMETLD_ARE_BAD_TLD penalizes innocent senders by having a high score of 5 by default, which triggers an immediate spam flagging (as most filters consider 5 to be the breaking limit).

Luckily it is so easy in PMG to change the score. I set it to 1 on my system. See the docs:
https://pmg.proxmox.com/pmg-docs/chapter-pmgconfig.html#pmgconfig_spamdetector_customscores

@yidAch7or , unfortunately, in this forum not much can be done if you complain that the rule is not helpful. I believe you will need to report and discuss your concerns with the spamassasin team on the relevant website.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!