Newish domains scoring

mailscanner at barendse.to mailscanner at barendse.to
Fri Oct 20 15:07:23 UTC 2023


Hi Peter!

I am trying to achieve the same but think it's not working; not sure if 
that service is still working? The latest news on the website is from 
2017, and the documentation at SEM is somewhat basic.

The only thing I did was to add to /etc/mail/spamassassin/local.cf 
the lines below and nothing beyond that (did I miss something?):

# SEM-BACKSCATTER
header    RCVD_IN_SEMBACKSCATTER eval:check_rbl('sembackscatter-lastexternal', 'backscatter.spameatingmonkey.net')
tflags    RCVD_IN_SEMBACKSCATTER net
describe  RCVD_IN_SEMBACKSCATTER Received from an IP listed by SEM-BACKSCATTER
score     RCVD_IN_SEMBACKSCATTER 0.5

# SEM-BLACK
header    RCVD_IN_SEMBLACK eval:check_rbl('semblack-lastexternal', 'bl.spameatingmonkey.net')
tflags    RCVD_IN_SEMBLACK net
describe  RCVD_IN_SEMBLACK Received from an IP listed by SEM-BLACK
score     RCVD_IN_SEMBLACK 0.5

# SEM-FRESHZERO
urirhssub SEM_FRESHZERO freshzero.spameatingmonkey.net. A 2
body      SEM_FRESHZERO eval:check_uridnsbl('SEM_FRESHZERO')
describe  SEM_FRESHZERO Contains a domain never seen before
tflags    SEM_FRESHZERO net
score     SEM_FRESHZERO 0.5

# SEM-FRESH
urirhssub SEM_FRESH fresh.spameatingmonkey.net. A 2
body      SEM_FRESH eval:check_uridnsbl('SEM_FRESH')
describe  SEM_FRESH Contains a domain registered less than 5 days ago
tflags    SEM_FRESH net
score     SEM_FRESH 0.5

# SEM-FRESH10
urirhssub SEM_FRESH10 fresh10.spameatingmonkey.net. A 2
body      SEM_FRESH10 eval:check_uridnsbl('SEM_FRESH10')
describe  SEM_FRESH10 Contains a domain registered less than 10 days ago
tflags    SEM_FRESH10 net
score     SEM_FRESH10 0.5

# SEM-FRESH15
urirhssub SEM_FRESH15 fresh15.spameatingmonkey.net. A 2
body      SEM_FRESH15 eval:check_uridnsbl('SEM_FRESH15')
describe  SEM_FRESH15 Contains a domain registered less than 15 days ago
tflags    SEM_FRESH15 net
score     SEM_FRESH15 0.5

# SEM-FRESH30
urirhssub SEM_FRESH30 fresh30.spameatingmonkey.net. A 2
body      SEM_FRESH30 eval:check_uridnsbl('SEM_FRESH30')
describe  SEM_FRESH30 Contains a domain registered less than 30 days ago
tflags    SEM_FRESH30 net
score     SEM_FRESH30 0.5

# SEM-URI
urirhssub SEM_URI uribl.spameatingmonkey.net. A 2
body      SEM_URI eval:check_uridnsbl('SEM_URI')
describe  SEM_URI Contains a URI listed by SEM-URI
tflags    SEM_URI net
score     SEM_URI 0.5

# SEM-URIRED
urirhssub SEM_URIRED urired.spameatingmonkey.net. A 2
body      SEM_URIRED eval:check_uridnsbl('SEM_URIRED')
describe  SEM_URIRED Contains a URI listed by SEM-URIRED
tflags    SEM_URIRED net
score     SEM_URIRED 0.5



Thanks!!


On Wed, 10 May 2023, Peter Farrow via MailScanner wrote:

> 
> Try these:
> 
> https://spameatingmonkey.com/services
> 
> SEM-FRESH  etc for domains registered recently.
> 
> On 10/05/2023 21:51, Tracy Greggs via MailScanner wrote:
> I know this is a question for the SA users group but I wanted to throw it in here in the event anyone has any ideas or existing solutions.
> So, here we go.
> 
> We almost never get any phishing email from domains over 1 year old.
> 
> We get a lot of phishing email from domains less than 1 year old.
> 
> I would love to be able to have an accurate way of scoring up email from domains less than fill in the blank days old.  In my case 380 days.  This way we could review them for validity and release them if they are good.
> 
> An accurate way of performing this check would save us quite a bit of grief.
> 
> Ideas or solutions to this anyone?
> 
> 
> --
> Peter Farrow BEng(hons) BBC ETSI
> Office: 01249 736180 |
> Mobile: +44 (0) 7799605617
> Email: MailScanner has detected a possible fraud attempt from "mail:peter.farrow at togethia.net" claiming to be peter.farrow at togethia.net
> Website: www.togethia.it
> 
>
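Added example, not part of the original post and not SpamAssassin's own code: a small Python helper that parses `check_rbl` and `urirhssub` rules like the ones posted above and derives the DNS names each rule would look up, so every zone can be queried by hand to see whether it answers. The function names are hypothetical, and `192.0.2.1` and `example.com` are constructed placeholder subjects.

```python
import ipaddress
import re

# Two rules copied from the post above; enough to exercise both rule types.
LOCAL_CF = """\
header    RCVD_IN_SEMBLACK eval:check_rbl('semblack-lastexternal', 'bl.spameatingmonkey.net')
tflags    RCVD_IN_SEMBLACK net
score     RCVD_IN_SEMBLACK 0.5
urirhssub SEM_FRESH fresh.spameatingmonkey.net. A 2
body      SEM_FRESH eval:check_uridnsbl('SEM_FRESH')
tflags    SEM_FRESH net
score     SEM_FRESH 0.5
"""

RBL_RE = re.compile(r"^header\s+(\S+)\s+eval:check_rbl\('[^']*',\s*'([^']+)'\)")
URI_RE = re.compile(r"^urirhssub\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)")

def parse_rules(cf_text):
    """Return {rule_name: (kind, zone)} where kind is 'ip' or 'domain'."""
    rules = {}
    for line in cf_text.splitlines():
        line = line.strip()
        if m := RBL_RE.match(line):
            rules[m.group(1)] = ("ip", m.group(2).rstrip("."))
        elif m := URI_RE.match(line):
            rules[m.group(1)] = ("domain", m.group(2).rstrip("."))
    return rules

def query_name(kind, zone, subject):
    """DNS name a resolver is asked for when the rule checks `subject`."""
    if kind == "ip":
        # IP lists are queried with the IPv4 octets reversed, then the zone.
        octets = str(ipaddress.IPv4Address(subject)).split(".")
        return ".".join(reversed(octets)) + "." + zone + "."
    # Domain (RHS) lists are queried as <domain>.<zone>.
    return subject.lower().rstrip(".") + "." + zone + "."

def lookup_names(cf_text, ip, domain):
    """Map each rule to the A-record name to look up by hand (e.g. with dig)."""
    return {name: query_name(kind, zone, ip if kind == "ip" else domain)
            for name, (kind, zone) in parse_rules(cf_text).items()}

if __name__ == "__main__":
    # 192.0.2.1 and example.com are placeholder subjects (constructed).
    for rule, qname in lookup_names(LOCAL_CF, "192.0.2.1", "example.com").items():
        print(f"{rule:20s} dig +short {qname} A")
```

Run the printed commands against the same resolver the mail server uses. By DNSBL convention a listed entry answers with an address in 127.0.0.0/8, while an empty answer means either not listed or that the query did not get through.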