6903 – Additional freemail provider domains

Bug 6903 - Additional freemail provider domains

Summary: Additional freemail provider domains

Status:	RESOLVED FIXED

Alias:	None

Product:	Spamassassin
Classification:	Unclassified
Component:	Rules (show other bugs)
Version:	unspecified
Hardware:	PC Linux

Importance:	P4 normal
Target Milestone:	Undefined
Assignee:	SpamAssassin Developer Mailing List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2013-02-03 08:22 UTC by Christer Mjellem Strand
Modified:	2019-06-19 16:26 UTC (History)
CC List:	2 users (show)

Attachment	Type	Modified	Status	Actions	Submitter/CLA Status
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Christer Mjellem Strand 2013-02-03 08:22:55 UTC

These domains offering free webmail service are missing from 20_freemail_domains.cf, and should probably be added.

* myopera.com - branded Opera, powered by FastMail
* nokiamail.com - branded Nokia, powered by Yahoo!
* zoho.com - powered by Zoho
* in.com - branded IN, powered by Web18
* emailn.de - powered by Emailn.de
* xemail.* - powered by Xemail
* (mail|open).by - powered by Open.By
* clovermail.net/mail-on.us/chewiemail.com/offcolormail.com/powdermail.com/tightmail.com/toothandmail.com/tushmail.com - powered by VFEmail
* openmail.cc/expressmail.dk - currently transferring to being powered by VFEmail
* 5x2.de/freemailen.de/freemailn.de/cyberkriminell.de/4xn.de/vip-client.de/zu-geil.de/besser-als-du.de/unendlich-schlau.de/super-gerissen.de/nerd4life.de/mega-schlau.de/aufdrogen.de/on-steroids.de/auf-steroide.de/staatsterrorist.de/chillaxer.de/scheint.so/muss.so/kann.so/istecht.so/ist-echt.so/5x2.me/danneben.so/will-keinen-spam.de/ist-supersexy.de/ist-schlauer.de/ist-genialer.de/ist-der-wahnsinn.de/ist-der-mann.de/brainsurfer.de/mag-spam.net/ohne-drogen-gehts.net - powered by 5x2 Online
* runbox.* - powered by Runbox - paid service, but offers 30 day free trial
* rbox(.me|.co) - powered by Runbox - same as above

I suspect I may just be scratching the surface here, but it's a start.

Comment 1 AXB 2013-02-19 13:47:59 UTC

I'll dig into this.

Comment 2 AXB 2013-02-19 14:52:09 UTC

Updated as per Rev 1447741

Comment 3 Christer Mjellem Strand 2013-02-20 13:58:26 UTC

Thanks. I haven't checked all of them, but did notice openmail.cc became penmail.cc in that revision. If you prefer, I can report future additions in a more paste-friendly format.

I also noticed a few domains in the list which are now inactive, and thus should probably be removed. Hope you don't mind me reporting it here rather than in a separate bug.

* start.no - now a paid service, powered by Mailia (a Powertech brand), and no new sign-ups allowed
* frisurf.no - service closed, no new sign-ups allowed, addresses possibly retired
* spray.no - service closed, no new sign-ups allowed, addresses presumably retired (no MX record)

Finally, I was surprised to spot bankofchina.com in the list. AFAICT this appears to be an official site of Bank of China, one of China's biggest banks, but I may not know the full story. The web site is identical to that of boc.cn, their official site according to Wikipedia.

Comment 4 AXB 2013-02-20 14:24:50 UTC

(In reply to comment #3)
> Thanks. I haven't checked all of them, but did notice openmail.cc became
> penmail.cc in that revision. If you prefer, I can report future additions in
> a more paste-friendly format.


Fixed!

> I also noticed a few domains in the list which are now inactive, and thus
> should probably be removed. Hope you don't mind me reporting it here rather
> than in a separate bug.
> 
> * start.no - now a paid service, powered by Mailia (a Powertech brand), and
> no new sign-ups allowed
> * frisurf.no - service closed, no new sign-ups allowed, addresses possibly
> retired
> * spray.no - service closed, no new sign-ups allowed, addresses presumably
> retired (no MX record)


see in 20_freemail_domains.cf

# List contains commonly abused end user mail providers
# "freemail" is solely used for label purposes.

FTR: To change the label means it will break many local configs.

There may be historical leftovers or frequently forged domains in the list 


> Finally, I was surprised to spot bankofchina.com in the list. AFAICT this
> appears to be an official site of Bank of China, one of China's biggest
> banks, but I may not know the full story. The web site is identical to that
> of boc.cn, their official site according to Wikipedia.

fixed!

Commit on it's way

Comment 5 Christer Mjellem Strand 2013-02-20 14:51:26 UTC

(In reply to comment #4)

>> I also noticed a few domains in the list which are now inactive, and thus
>> should probably be removed.
[..]
> see in 20_freemail_domains.cf
> 
> # List contains commonly abused end user mail providers
> # "freemail" is solely used for label purposes.
> 
> FTR: To change the label means it will break many local configs.

I wasn't proposing to change the label (to what?), but rather to remove them from the list entirely, as they are deprecated (or at least 2/3 of those I reported are).

> There may be historical leftovers or frequently forged domains in the list 

I wasn't aware this was an acceptable (or even desirable) part of the scope; thanks for enlightening me! Given some thought this does make sense - freemail domains are indeed likely targets of forging, regardless of their current status. I will refrain from reporting the closure of further domains, other than in special cases.

Thanks again!

Comment 6 Christer Mjellem Strand 2013-02-21 09:43:20 UTC

Sorry to keep reopening this, but I noticed one more entry in trunk that looks a bit off: zim.gov.zwpenmail.cc

This hostname doesn't actually exist (which, as you stated earlier, might be expected), but specifically the presence of the substring penmail.cc makes me suspect there might have been another pasting issue here.

If this is false, and the entry is in fact correct, by all means do resolve this again (and if so, sorry about the confusion!).

Comment 7 AXB 2013-02-21 10:10:35 UTC

(In reply to comment #6)
> Sorry to keep reopening this, but I noticed one more entry in trunk that
> looks a bit off: zim.gov.zwpenmail.cc
> 
> This hostname doesn't actually exist (which, as you stated earlier, might be
> expected), but specifically the presence of the substring penmail.cc makes
> me suspect there might have been another pasting issue here.
> 
> If this is false, and the entry is in fact correct, by all means do resolve
> this again (and if so, sorry about the confusion!).

fixed / cleaned up dead domains

Committed revision 1448566.

thx for catching these.

Comment 8 Christer Mjellem Strand 2013-02-21 12:33:39 UTC

TL;DR: Looks good now AFAICT - thanks again!

FTR, the original entry - zim.gov.zw - appears to be a Zimbabwean government site ("Zimbabwe's Web Portal"). From what I can gather, it does in fact offer a mail service at <http://wm.gisp.gov.zw/mail>, operated by "Government Internet Service Provider". I can however not find any offers to sign up, and the target audience for GISP seems to be "Government Ministries, Departments and Parastatals". Thus I presume it does not qualify as a "commonly abused end user mail provider", in that government employees would likely not be considered end users as such, so leaving it off the list, as it is now, is probably fine.

Comment 9 Christer Mjellem Strand 2013-02-21 12:55:29 UTC

Really sorry to keep doing this, but..

While going through the revision history for this file, I noticed this:

<http://svn.apache.org/viewvc?view=revision&revision=991855>

IOW, Runbox has been removed from the list once before, for no longer offering free accounts.

The question at hand is: Should the list include domains from providers who do not offer permanently free accounts, but from which accounts are free during a limited time trial period?

I'm inclined to opine that it should, since 30 days is plenty of time to abuse an account. OTOH, providers may have stricter monitoring of outgoing messages from trial accounts (as is the case with at least FastMail).

I ask not just for Runbox, but also for FastMail, who moved to the same model last year, and offer a great number of domains to choose from, many of which are already in the list (I can procure a complete updated list - it rarely changes anymore).

Comment 10 AXB 2013-02-21 13:00:07 UTC

(In reply to comment #9)
> Really sorry to keep doing this, but..
> 
> While going through the revision history for this file, I noticed this:
> 
> <http://svn.apache.org/viewvc?view=revision&revision=991855>
> 
> IOW, Runbox has been removed from the list once before, for no longer
> offering free accounts.
> 
> The question at hand is: Should the list include domains from providers who
> do not offer permanently free accounts, but from which accounts are free
> during a limited time trial period?
> 
> I'm inclined to opine that it should, since 30 days is plenty of time to
> abuse an account. OTOH, providers may have stricter monitoring of outgoing
> messages from trial accounts (as is the case with at least FastMail).
> 
> I ask not just for Runbox, but also for FastMail, who moved to the same
> model last year, and offer a great number of domains to choose from, many of
> which are already in the list (I can procure a complete updated list - it
> rarely changes anymore).


IMO, If it shows up in mailflow, frequently, it could/would be added again.
Same could apply to others.

Comment 11 Henrik Krohns 2019-06-19 16:26:54 UTC

Closing old bug, matter seems resolved.