Sv: Sv: dovecot mailing list (this mailing list), DKIM, SPF and DMARC

Sebastian Nielsen sebastian at sebbe.eu
Sat Feb 12 19:55:05 UTC 2022 

No. I havent confused .xxx with .xyz .

*.xyz is a EXTREMELY spammy TLD.

 

Here is a excerpt out of my log for 2022 about .xyz, if you look on the domain names, you will see that its obvious spam:

 

 

root at sebastian-desktop:/var/log/exim# grep "2022.*\.xyz>: 5.7.1 Banned TLD" mainlog

2022-01-05 11:52:10 H=(sweeps.silencilbottelsks.xyz) [104.223.228.229] rejected MAIL <ringingears at silencilbottelsks.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-05 15:40:20 H=(customise.biofungusnukfjj.xyz) [104.223.228.231] rejected MAIL <biofungusnuker at biofungusnukfjj.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-07 08:32:02 H=(termly.archetypeprodsl.xyz) [104.223.228.210] rejected MAIL <individualogistcom at archetypeprodsl.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-07 10:15:47 H=(malcontents.utlimateketodskd.xyz) [104.223.228.248] rejected MAIL <theultimateketomeal at utlimateketodskd.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-07 11:42:47 H=(paddings.sharpearfks.xyz) [104.223.228.196] rejected MAIL <sharpear at sharpearfks.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-07 13:14:14 H=(enlisting.visiumdksd.xyz) [104.223.228.201] rejected MAIL <visiumplus at visiumdksd.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-07 15:12:41 H=(justification.dentittoxdsprosd.xyz) [104.223.228.197] rejected MAIL <dentitox at dentittoxdsprosd.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-07 16:39:22 H=(sociolinguistic.biofungusnukasdsl.xyz) [104.223.228.206] rejected MAIL <biofungusnuker at biofungusnukasdsl.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-07 17:52:26 H=(intact.bloodsugarblasterkgf.xyz) [104.223.228.209] rejected MAIL <bloodsugarblaster at bloodsugarblasterkgf.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-09 09:08:32 H=(sumo.sonavelskds.xyz) [104.223.228.237] rejected MAIL <sonavel at sonavelskds.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-09 10:44:20 H=(obscures.glucofortfk.xyz) [104.223.228.205] rejected MAIL <glucofort at glucofortfk.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-09 12:14:08 H=(monolayers.prostastreamskds.xyz) [104.223.228.232] rejected MAIL <prostastream at prostastreamskds.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-09 13:56:18 H=(jailer.energycubesystemkdf.xyz) [104.223.228.202] rejected MAIL <energycubesystem at energycubesystemkdf.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-09 15:32:16 H=(britons.steelbiterofkdf.xyz) [104.223.228.213] rejected MAIL <steelbitepro at steelbiterofkdf.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-09 16:52:24 H=(plopping.bloodpresour.xyz) [104.223.228.246] rejected MAIL <bloodpressure911 at bloodpresour.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-15 08:38:50 H=(bismuth.coldwargenhjgf.xyz) [104.223.228.243] rejected MAIL <coldwargenerator at coldwargenhjgf.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-15 09:56:21 H=kunnau.wittynakell.com (countenances.waterfreedomsysdfgh.xyz) [134.73.26.221] rejected MAIL <waterfreedomsystem at waterfreedomsysdfgh.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-15 11:43:17 H=odiara.armoytrontes.com (cramping.ultramanigh.xyz) [134.73.26.233] rejected MAIL <ultramanifestation at ultramanigh.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-15 13:28:54 H=engblk.telewonderfulkings.com (agree.herpagreenhgfd.xyz) [134.73.26.208] rejected MAIL <herpagreens at herpagreenhgfd.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-15 14:43:36 H=kriisi.telewonderfulkings.com (vices.bloodpressourfgjhn.xyz) [134.73.26.200] rejected MAIL <bloodpressure911 at bloodpressourfgjhn.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-15 15:54:50 H=gauda.armoytrontes.com (mediocrity.7dayprayerdskj.xyz) [134.73.26.231] rejected MAIL <7dayprayermiracle at 7dayprayerdskj.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-15 17:38:13 H=gelanc.telewonderfulkings.com (extroversion.proflighthjkg.xyz) [134.73.26.202] rejected MAIL <speciallaunchprice at proflighthjkg.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-15 20:15:17 H=752091-cf18567.tmweb.ru (ourhealthproducts.xyz) [92.53.107.122] rejected MAIL <bxcO3 at ourhealthproducts.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-16 08:44:33 H=jeczo.wittynakell.com (sedated.sharpeardjds.xyz) [134.73.26.219] rejected MAIL <sharpear at sharpeardjds.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-16 10:14:10 H=simog.ecklark.com (rocky.primalfgrowks.xyz) [134.73.26.247] rejected MAIL <primalgrow at primalfgrowks.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-16 11:57:58 H=spewer.armoytrontes.com (friend.trumpcoinfdfs.xyz) [134.73.26.226] rejected MAIL <trump2020goldplatedcoin at trumpcoinfdfs.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-16 13:38:22 H=cushio.armoytrontes.com (trumpeted.glucaforetjds.xyz) [134.73.26.227] rejected MAIL <glucofort at glucaforetjds.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-16 14:57:24 H=armoytrontes.com (wedge.myshedplandks.xyz) [134.73.26.225] rejected MAIL <myshedplan at myshedplandks.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-16 14:58:56 H=(odfcvsn.xyz) [45.9.72.47] rejected MAIL <g1mNpF5Y8O at okmhjk.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-16 16:35:34 H=tiemen.armoytrontes.com (ready.energycubesysdpres.xyz) [134.73.26.235] rejected MAIL <energycubesystem at energycubesysdpres.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-24 22:24:19 H=(ylg888.cn) [121.5.153.59] rejected MAIL <dene at odabas.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

root at sebastian-desktop:/var/log/exim#

 

 

You propably see now how bad of a TLD *.xyz is. Wish ICANN could nuke that TLD out of orbit.

 

 

Från: dovecot-bounces at dovecot.org <dovecot-bounces at dovecot.org> För justina colmena ~biz
Skickat: den 12 februari 2022 16:40
Till: dovecot at dovecot.org
Ämne: RE: Sv: dovecot mailing list (this mailing list), DKIM, SPF and DMARC

 

Google's corporate web page, Alphabet, Inc., is on the ".xyz" top level domain.

* https://abc.xyz/

I suppose Sergey Brin is Russian as well, so what have you there?

Perhaps you have inadvertently confused ".xyz" with the ".xxx" TLD. The popular grade school acronym for "eXamine Your Zipper" is obviously not commercially desirable for the same purposes, although I cannot vouch for particular instances.



On February 12, 2022 5:51:12 AM AKST, Marc <Marc at f1-outsourcing.eu <mailto:Marc at f1-outsourcing.eu> > wrote:

 


  (sorry for posting to list this, but I don't have any ways to contact
Marc off-list now)


    Problem is, I need to unpack each of them to be sure, that these are
 false positives and I'm afraid, that it could lower reputation of my

mail

 server IP address with major providers (like Google Mail).


 How can you get a lower reputation? Afaik dmarc is just signing your

outgoing messages.
  Marc, my domain already has problems sending mail to you, for example:

<Marc at f1-outsourcing.eu <mailto:Marc at f1-outsourcing.eu> >: host spam1.roosit.eu[212.26.193.45] said: 553
5.3.0
     550We have blocked this toplevel because of spam. Use another
toplevel
     until the maintainer has resolved these issues (in reply to MAIL FROM
     command)

--


.ru is not blocked. The connect is originating from a .xyz host.




-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20220212/63cddd74/attachment-0001.htm>

More information about the dovecot mailing list