[GLLUG] blacklist *-gov.uk

Tim Woodall t at woodall.me.uk
Thu Jul 12 08:51:39 UTC 2018

On Thu, 12 Jul 2018, James Courtier-Dutton via GLLUG wrote:

> On 12 July 2018 at 00:00, Carles Pina i Estany via GLLUG
> <gllug at mailman.lug.org.uk> wrote:
>> Last year I bought a new domain and the mails were lost (I didn't like
>> that, for what I remember the emails were not returned but also not
>> delivered... this might have changed) to users of fastmail.co.uk. After
>> contacting them they do this for all the new domains (up to 14 days I
>> think).
> Seems like a pretty good policy.
> If a domain was only registered 14 days ago or less, assume it is junk email.
> Also, interestingly, if you do a DNS lookup, it has pointed the name server at:
> ns1.suspended-for.spam-and-abuse.com
> So, checking if its DNS is pointing towards
> *.suspended-for.spam-and-abuse.com   might give you a clue whether to
> trust it or not!!!

Oh, there's no problem once the domain is suspended. It's the emails I
get before it is suspended that are the issue.

I'm not sure I could open the attachment (word I think) and even if I
can, I'm not sure openoffice will be vulnerable.

But these emails look good. They also pass SPF, DKIM etc. And, most
annoyingly, I do get genuine emails occasionally from .gov.uk that I
don't want to miss. It's not so much the phishing, it's the risk of my
spam filters learning to false positive on ham which is why I want to
stop them.

There's obviously a concerted campaign going on. These domains are up
for around 12 hours before being pulled and yet I've had 4 or 5 of these
emails in the last few weeks.

More information about the GLLUG mailing list