It's great that ASSP scores when a sending IP doesn't have reverse DNS set.


What I'm noticing, though, is that if a spammer sends from an IP that has no
reverse, the helo, whatever it is, appears in the Received line with no
indication that it's potentially bogus.

ASSP already puts the reverse hostname from DNS in the from line and also
shows the helo, like this legit one:
Received: from mailer.goodorg.com ([181.xx.xx.xx] helo=exchange.org.local)
by...

That's helpful for at-a-glance diagnostics when there's a bogus mail:
Received: from real.badsender.ru ([81.xx.xx.xx] helo=mail.paypal.com) by...

BUT if the IP doesn't reverse to anything, then ASSP shows
Received: from mail.paypal.com ([81.xx.xx.xx] helo=mail.paypal.com) by...
putting whatever the helo is right after "from" in the Received line and
again after the IP.  That can cause short-term confusion for administrators,
since the hostname (which we could easily assume is looked up, since it
usually is) matches the helo.  For those users who look at headers to help
determine if a message is legit, that could definitely fool them.

I propose that if an IP does not reverse, the line look like this instead:
Received: from *possibly.bogus.server.detected* ([81.xx.xx.xx] helo=
mail.paypal.com) by...
or something like that.  I >>think<< this is still compliant.
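Added example (not ASSP code, not part of the original post): a small parser for the ASSP-style `Received: from <name> ([<ip>] helo=<helo>) by ...` layout shown above, plus a classifier that flags the ambiguous case the post describes, where the "from" name equals the helo because the IP had no PTR. The `ptr_lookup` callable, the sample headers, the documentation-range IPs and the PTR table are constructed assumptions so the check runs offline; on a real mail gateway you would pass a function that does the actual reverse lookup.

```python
import re
from typing import Callable, Optional

# Header layout ASSP writes, taken from the post:
#   Received: from <name> ([<ip>] helo=<helo>) by ...
RECEIVED_RE = re.compile(
    r"\bfrom\s+(?P<name>\S+)\s+\(\[(?P<ip>[^\]]+)\]\s+helo=\s*(?P<helo>[^)\s]+)\)",
    re.IGNORECASE,
)

# Assumed interface: ip -> PTR name, or None when the IP has no reverse record.
PtrLookup = Callable[[str], Optional[str]]

MARKER = "*possibly.bogus.server.detected*"  # the post's proposed placeholder


def unfold(header: str) -> str:
    """Collapse RFC 5322 folding (newline plus leading whitespace) into single spaces."""
    return " ".join(header.split())


def parse_received(header: str) -> Optional[dict]:
    """Return {'name', 'ip', 'helo'} for an ASSP-style Received header, else None."""
    m = RECEIVED_RE.search(unfold(header))
    return m.groupdict() if m else None


def classify(header: str, ptr_lookup: Optional[PtrLookup] = None) -> str:
    """Classify the trust of the 'from' name in the header.

    "unparsed"              - not an ASSP-style Received line
    "ptr-differs-from-helo" - first name came from DNS, second from HELO
    "ambiguous"             - name == helo and no resolver supplied
    "no-reverse"            - name == helo because the IP has no PTR (the post's case)
    "ptr-matches-helo"      - PTR really does equal the HELO name
    "inconsistent"          - PTR exists but matches neither field
    """
    rec = parse_received(header)
    if rec is None:
        return "unparsed"
    if rec["name"].lower() != rec["helo"].lower():
        return "ptr-differs-from-helo"
    # name == helo: either the PTR genuinely matches the HELO, or there was no
    # PTR and ASSP copied the HELO into the "from" slot.  Only a lookup can tell.
    if ptr_lookup is None:
        return "ambiguous"
    ptr = ptr_lookup(rec["ip"])
    if ptr is None:
        return "no-reverse"
    if ptr.lower() == rec["helo"].lower():
        return "ptr-matches-helo"
    return "inconsistent"


def annotate(header: str, ptr_lookup: Optional[PtrLookup] = None) -> str:
    """Rewrite the header as the post proposes when the sending IP has no PTR."""
    if classify(header, ptr_lookup) != "no-reverse":
        return header
    rec = parse_received(header)
    return re.sub(r"\bfrom\s+" + re.escape(rec["name"]), f"from {MARKER}", header, count=1)


# Constructed sample headers modelled on the post (documentation IP ranges, not real senders).
LEGIT = "Received: from mailer.goodorg.com ([192.0.2.10] helo=exchange.org.local) by mx.example.net"
MISMATCH = "Received: from real.badsender.ru ([198.51.100.20] helo=mail.paypal.com) by mx.example.net"
NO_PTR = "Received: from mail.paypal.com ([198.51.100.30] helo=mail.paypal.com) by mx.example.net"

# Constructed PTR table standing in for DNS (assumption: 198.51.100.30 has no reverse).
FAKE_PTR = {"192.0.2.10": "mailer.goodorg.com", "198.51.100.20": "real.badsender.ru"}


def fake_ptr_lookup(ip: str) -> Optional[str]:
    return FAKE_PTR.get(ip)


if __name__ == "__main__":
    for h in (LEGIT, MISMATCH, NO_PTR):
        print(classify(h, fake_ptr_lookup), "->", annotate(h, fake_ptr_lookup))
```

Without a resolver the `name == helo` case can only be reported as ambiguous, which is exactly the confusion the post is about; with one, the no-PTR case is separated from a host whose PTR genuinely matches its HELO, and only the former gets the placeholder.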
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test