extremesanity.com

The most significant things I’ve done to decrease spam and phishing attempts

• bl.spamcop.net and zen.spamhaus.org RBLs
• vendor RBL (barracuda)
• blocked entire subnets of countries we don’t do business with
• email rate control
• attachment filters
• virus filter
• heuristics
• subject line filters for cryptowall attempts and multi ip distributed campaigns
• block some foreign countries if their reverse DNS resolves back to their country TLD (ex: cn = china), however I don’t block if reverse DNS rules don’t exist or are incorrect
• block TLDs in header and body that are heavily abused (list below)

Heavily abused TLDs
.asia
.br
.click
.cn
.fr
.it
.link
.rocks
.ru
.tw
.ua
.ve
.xxx
.xyz