I spend a good amount of time looking at domain names and where they are from. Seems a lot of spammers like to use non-standard domain extensions these days. I think that most of it is because not everyone knows about what some call “Brand top-level domains“.
These Brand top-level domain cover just about every club, group, interest, or service that you can think of. From .android to .youtube.
My biggest issue with these are from span. Now spammers have the opportunity to not only user fake a legitimate domain name with .cc but now with .ooo
So, I started adding new regular expressions to my email server filters. For instance, do I need to receive email from .porn or .republican or .democrat ( I did not want you to think that side with politicians ).
This example is used to block email address that have a Return-Path, From address, or Message-ID with a domain with one of following extension.
/(Return-Path|From|Message-ID):\s*(.*)\s*<(.*)@(.*)\.(adult)>/i
/(Return-Path|From|Message-ID):\s*(.*)\s*<(.*)@(.*)\.(bank|bingo|blackfriday|boo)>/i
/(Return-Path|From|Message-ID):\s*(.*)\s*<(.*)@(.*)\.(capital|cash|casino|ceo|christmas|cleaning|clothing|church|click|coop|cruises)>/i
/(Return-Path|From|Message-ID):\s*(.*)\s*<(.*)@(.*)\.(dad|date|degree|democrat|diet|diamonds|directory|download|democrat|dog)>/i
/(Return-Path|From|Message-ID):\s*(.*)\s*<(.*)@(.*)\.(eat|esq|exchange|exposed)>/i
/(Return-Path|From|Message-ID):\s*(.*)\s*<(.*)@(.*)\.(fail|faith|family|fashion|foo|fund|furniture|futbol)>/i
/(Return-Path|From|Message-ID):\s*(.*)\s*<(.*)@(.*)\.(gives|glass|gold|gop|gripe|guru)>/i
/(Return-Path|From|Message-ID):\s*(.*)\s*<(.*)@(.*)\.(here|hiphop|hiv|holdings|holiday)>/i
/(Return-Path|From|Message-ID):\s*(.*)\s*<(.*)@(.*)\.(ing|ink|international|investments)>/i
/(Return-Path|From|Message-ID):\s*(.*)\s*<(.*)@(.*)\.(jewelry)>/i
/(Return-Path|From|Message-ID):\s*(.*)\s*<(.*)@(.*)\.(kim|kitchen)>/i
/(Return-Path|From|Message-ID):\s*(.*)\s*<(.*)@(.*)\.(limited|limo|link|loan|loans|lol|lotto|love|luxe|luxury)>/i
/(Return-Path|From|Message-ID):\s*(.*)\s*<(.*)@(.*)\.(management|mba|meme|men|menu|moe|money)>/i
/(Return-Path|From|Message-ID):\s*(.*)\s*<(.*)@(.*)\.(new|ninja)>/i
/(Return-Path|From|Message-ID):\s*(.*)\s*<(.*)@(.*)\.(one|onl|online|ooo)>/i
/(Return-Path|From|Message-ID):\s*(.*)\s*<(.*)@(.*)\.(party|pharmacy|physio|pizza|plus|poker|porn|post|press|prof)>/i
/(Return-Path|From|Message-ID):\s*(.*)\s*<(.*)@(.*)\.(racing|red|rehab|ren|rent|rick|rip|rocks|rodeo|rsvp|run)>/i
/(Return-Path|From|Message-ID):\s*(.*)\s*<(.*)@(.*)\.(sale|sex|sexy|singles|site|social|software|solutions|soy|space|style|sucks|supplies|supply|surf|surgery)>/i
/(Return-Path|From|Message-ID):\s*(.*)\s*<(.*)@(.*)\.(tattoo|tax|taxi|tel|top)>/i
/(Return-Path|From|Message-ID):\s*(.*)\s*<(.*)@(.*)\.(uno)>/i
/(Return-Path|From|Message-ID):\s*(.*)\s*<(.*)@(.*)\.(villas|vision|vodka|vote|voting)>/i
/(Return-Path|From|Message-ID):\s*(.*)\s*<(.*)@(.*)\.(wang|watch|webcam|website|wed|wedding|whoswho|win|work|works|world|wtf)>/i
/(Return-Path|From|Message-ID):\s*(.*)\s*<(.*)@(.*)\.(xxx|xyz)>/i
/(Return-Path|From|Message-ID):\s*(.*)\s*<(.*)@(.*)\.(yoga)>/i
/(Return-Path|From|Message-ID):\s*(.*)\s*<(.*)@(.*)\.(zone)>/i
Some of you might have noticed that I have blocked .love
Lighthouse Knowledge 