Quote:
Originally Posted by elvey
The amount of spam and botnet traffic coming from .gov and.mil controlled IP addresses is astounding.
|
Anecdotally, I've only ever received a couple of spam messages that had .GOV DKIM signatures. I have never once received spam with a valid .MIL signature.
Agree, there may be plenty of botnet traffic coming from gov/mil associated IP address space. However, the ratio of spam:ham sending from .GOV/.MIL mailservers (i.e. an SMTP server official enough that somebody holding DOTGOV/DISA credentials set up DKIM) is tiny compared to all to other TLDs available to the general public. It's trivial for any random person to send a spam/phishing email that is .COM signed. You could do that with a free AOL account. That's not true for .GOV and especially not true for .MIL.
I don't advocate for whitelisting those TLDs, but bias the total score. Say, -10 for .MIL signatures and -5 for .GOV signatures.