How do I block anything after .com that is not a country code with a regular expression for e-mail filtering purposes?

scottalanmiller

@wirestyle22 said in How do I block anything after .com that is not a country code with a regular expression for e-mail filtering purposes?:

The goal is when an e-mail is coming in from [email protected] EXCEPT country codes, they are blocked.

Simple answer is, if you could do this, every spam filter would do it automatically. They don't, because it can't be done reliably.

wirestyle22

@scottalanmiller said in How do I block anything after .com that is not a country code with a regular expression in e-mail?:

@wirestyle22 said in How do I block anything after .com that is not a country code with a regular expression for e-mail filtering purposes?:

The goal is when an e-mail is coming in from [email protected] EXCEPT country codes, they are blocked.

Simple answer is, if you could do this, every spam filter would do it automatically. They don't, because it can't be done reliably.

So it's too broad? I do similar things to usernames such as:

from:.+<.*\..{2,}\..*\@

This blocks any e-mail that has two periods in the username but ignores it if it's a single character.

[email protected] would make it through.
[email protected] would not.

It has reduced our spam by 95% and I've only seen 3 instances of false positives in 4 months of it being active.

scottalanmiller

@wirestyle22 said in How do I block anything after .com that is not a country code with a regular expression for e-mail filtering purposes?:

So it's too broad?

Yes, too broad to be reliable.

scottalanmiller

@wirestyle22 said in How do I block anything after .com that is not a country code with a regular expression for e-mail filtering purposes?:

It has reduced our spam by 95% and I've only seen 3 instances of false positives in 4 months of it being active.

The question is, how many false positives are okay?

wirestyle22

@scottalanmiller said in How do I block anything after .com that is not a country code with a regular expression for e-mail filtering purposes?:

@wirestyle22 said in How do I block anything after .com that is not a country code with a regular expression for e-mail filtering purposes?:

It has reduced our spam by 95% and I've only seen 3 instances of false positives in 4 months of it being active.

The question is, how many false positives are okay?

You try to have as little false positives as possible while also having as little spam as possible. Can't prevent either 100%

scottalanmiller

@wirestyle22 said in How do I block anything after .com that is not a country code with a regular expression for e-mail filtering purposes?:

@scottalanmiller said in How do I block anything after .com that is not a country code with a regular expression for e-mail filtering purposes?:

@wirestyle22 said in How do I block anything after .com that is not a country code with a regular expression for e-mail filtering purposes?:

It has reduced our spam by 95% and I've only seen 3 instances of false positives in 4 months of it being active.

The question is, how many false positives are okay?

You try to have as little false positives as possible while also having as little spam as possible. Can't prevent either 100%

That's not really an answer. And yes, you can prevent the one 100%.

Dashrender

@scottalanmiller said in How do I block anything after .com that is not a country code with a regular expression for e-mail filtering purposes?:

@wirestyle22 said in How do I block anything after .com that is not a country code with a regular expression for e-mail filtering purposes?:

@scottalanmiller said in How do I block anything after .com that is not a country code with a regular expression for e-mail filtering purposes?:

@wirestyle22 said in How do I block anything after .com that is not a country code with a regular expression for e-mail filtering purposes?:

It has reduced our spam by 95% and I've only seen 3 instances of false positives in 4 months of it being active.

The question is, how many false positives are okay?

You try to have as little false positives as possible while also having as little spam as possible. Can't prevent either 100%

That's not really an answer. And yes, you can prevent the one 100%.

Exactly - don't filter, and you will have 0% false positives.

stacksofplates

@Dashrender said in How do I block anything after .com that is not a country code with a regular expression for e-mail filtering purposes?:

@scottalanmiller said in How do I block anything after .com that is not a country code with a regular expression for e-mail filtering purposes?:

@wirestyle22 said in How do I block anything after .com that is not a country code with a regular expression for e-mail filtering purposes?:

@scottalanmiller said in How do I block anything after .com that is not a country code with a regular expression for e-mail filtering purposes?:

@wirestyle22 said in How do I block anything after .com that is not a country code with a regular expression for e-mail filtering purposes?:

It has reduced our spam by 95% and I've only seen 3 instances of false positives in 4 months of it being active.

The question is, how many false positives are okay?

You try to have as little false positives as possible while also having as little spam as possible. Can't prevent either 100%

That's not really an answer. And yes, you can prevent the one 100%.

Exactly - don't filter, and you will have 0% false positives.

Or block 100% and you have no spam

scottalanmiller

You will need to trigger the spam filters and get a list of every country domain.

scottalanmiller

What spam examples will this block?