The new generic top-level domains (gTLDs) that have sprung up in recent years have become a magnet for cybercriminals, to the point where some of them host more malicious domains than legitimate ones. Their introduction has greatly increased the number of domains being registered and then used for malicious purposes. A selection of these gTLDs is used almost exclusively for malicious activity, and blocking them on your SpamTitan server can help improve both server performance and the catch rate.
Over the years, lists of spam-friendly top-level domains have typically had .com, .net and .org at the top. However, a TLD's trustworthiness ultimately relies on the ability of the organization that manages it -- known as the registry -- to police its name space and to enforce rules for its resellers, the registrars.
Here is a selection of gTLDs that we have seen being used primarily for malicious activity:
To blacklist a TLD, go to System Setup > Mail Relay > Sender Controls > Blacklisted Top Level Domains (TLDs) and click the Add button.
Enter the TLD you wish to blacklist and a comment, then click Save.
There is no "one size fits all" configuration, so it is possible that some legitimate mail could originate from one of these gTLDs. If you decide to block some or all of them, please ensure you monitor for false positives for at least a few days after making the change. To do this, go to Reporting > History and filter by "Blacklisted TLD".
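The same false-positive check can be estimated before the block is applied, by running the candidate TLD list against an export of recent mail history. The following is an added example, not part of the original article or of SpamTitan's tooling; the CSV column names, the sample rows and the placeholder TLDs (`test`, `invalid`) are constructed assumptions.

```python
import csv
import io
from collections import Counter

# Placeholder TLDs (reserved by RFC 2606), standing in for the ones you plan to block.
CANDIDATE_TLDS = {"test", "invalid"}

# Constructed sample; column names are assumptions, not SpamTitan's export format.
SAMPLE_HISTORY = """sender,verdict
news@shop.test,spam
Billing@Partner.TEST.,clean
x@promo.invalid,spam
alice@example.com,clean
bob@bücher.test,clean
malformed-no-at,spam
"""

def sender_domain(address):
    """Return the normalised sender domain, or None if it cannot be parsed."""
    _, at, domain = address.strip().strip("<>").rpartition("@")
    domain = domain.strip().rstrip(".").lower()
    if not at or "." not in domain:
        return None
    try:
        # Convert internationalised names to their ASCII (punycode) form.
        return domain.encode("idna").decode("ascii")
    except UnicodeError:
        return None

def dry_run(history_csv, tlds):
    """Count mail per candidate TLD and list domains that sent clean mail."""
    hits = Counter()
    at_risk = set()
    for row in csv.DictReader(io.StringIO(history_csv)):
        domain = sender_domain(row["sender"])
        if domain is None:
            continue
        tld = domain.rsplit(".", 1)[1]
        if tld in tlds:
            hits[tld] += 1
            if row["verdict"].strip().lower() == "clean":
                at_risk.add(domain)
    return hits, sorted(at_risk)

if __name__ == "__main__":
    hits, at_risk = dry_run(SAMPLE_HISTORY, CANDIDATE_TLDS)
    print("messages per candidate TLD:", dict(hits))
    print("domains that sent clean mail (review before blocking):", at_risk)
```

Domains in the second result are the ones to review or whitelist before the TLD is blacklisted.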
Interestingly, Spamhaus said in a recent blog post: "A good number of the TLDs succeed in keeping spammers off their domains and work to maintain a positive reputation; this shows that, if they wished to, any TLD registry can 'keep clean'."