View Single Post
Old 22 Apr 2019, 03:06 AM   #28
snsh
Cornerstone of the Community
 
Join Date: Dec 2002
Location: Boston
Posts: 610
Quote:
Originally Posted by elvey View Post
The amount of spam and botnet traffic coming from .gov and.mil controlled IP addresses is astounding.
Anecdotally, I've only ever received a couple of spam messages that had .GOV DKIM signatures. I have never once received spam with a valid .MIL signature.

Agree, there may be plenty of botnet traffic coming from gov/mil associated IP address space. However, the ratio of spam:ham sending from .GOV/.MIL mailservers (i.e. an SMTP server official enough that somebody holding DOTGOV/DISA credentials set up DKIM) is tiny compared to all to other TLDs available to the general public. It's trivial for any random person to send a spam/phishing email that is .COM signed. You could do that with a free AOL account. That's not true for .GOV and especially not true for .MIL.

I don't advocate for whitelisting those TLDs, but bias the total score. Say, -10 for .MIL signatures and -5 for .GOV signatures.
snsh is offline   Reply With Quote