TLD Reputation¶
Under TLD Reputation, top-level domains (TLDs) are managed with spam or phishing scores. Mails from senders with these TLDs in URLs or sender addresses receive a score penalty.
Table¶
| Column | Description |
|---|---|
| TLD | Top-level domain (e.g. .xyz, .top, .gq) |
| Score | Score contribution on hit — empty = system-wide default |
| Source | static (manual), learned (automatically learned), manual (set by operator) |
| Observed Mails | Number of mails seen with this TLD |
| Spam Ratio | Percentage of spam mails (colour-coded: red = high) |
| Last Learned | Timestamp of last automatic score adjustment |
| Locked | Operator has manually locked the score — automatic learning disabled |
| Active | Enable/disable the TLD rule |
Source Tags¶
| Source | Meaning |
|---|---|
static |
Hard-coded default entries |
learned |
Automatically learned from mail traffic |
manual |
Manually created or edited by an administrator |
Operator Lock¶
When Locked is active, the operator score permanently overrides the automatically learned score. Useful when a TLD is incorrectly classified as spam-prone (e.g. a legitimate .xyz domain of a customer).
Adding / Editing a TLD¶
| Field | Description |
|---|---|
| TLD | TLD without dot, e.g. xyz (dot is added automatically) |
| Score | Numeric score contribution (empty = system default score) |
| Active | Activate immediately |
Automatic Learning¶
nmg continuously observes which TLDs appear in spam and ham mails. TLDs with a statistically high spam ratio are automatically assigned a score or have their score increased — unless an operator lock is set.
Statistics (Colour Coding)¶
| Spam Ratio | Colour |
|---|---|
| < 20% | Grey (unremarkable) |
| 20–50% | Orange (elevated attention) |
| > 50% | Red (high spam ratio) |
Typical High-Risk TLDs¶
Pre-installed with elevated score by default:
.xyz · .top · .click · .loan · .win · .gq · .tk · .ml · .cf · .ga · .download · .stream · .racing · .trade
These TLDs are frequently used for throwaway domains in spam and phishing campaigns.