Hi; You are right but there are some issues that requires a tad re-thinking. We are getting a lot of spam from the following domains:
.threeiscrowded.com .twelvesolvesthepuzzle.com .eightiscrazy.com .oneislonely.com .elevenisbarelythere.com .sixislazy.com All appear to follow the same thought process and naming convention. These domains are not listed in any of the DSBL tests and we have had some that actually make it to the receipient with weights of 15-19. We hold on 20. Since these guys use graphic images and only links are in the body it makes it hard to identify it as spam if the URL's are not in our filter file. Everyday we see a new variation of this naming convention. Of course once we see one we block the domain as a text filter but before we see one they manage to be sent to everyone in our domains in one blast. If we are to stop spam we have to go to the source of origin and then track the email. DNS is just one thought - perhaps even being able to whitelist a DNS server could be a great add-on for reducing false positives. While not everyone is doing the correct REVDNS everyone has to have a DNS server. eMails can be faked, helo can be faked. I don't know but I am sure Scott and others would know- Can DNS be faked? Regards, Kami -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rifat Levis Sent: Friday, July 18, 2003 6:08 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] DNS Test? It is seems like a intersting test , but it will do more harm to ISP , I am just thinking my case , having more than thousands domains. If 1 of those domains start doing a spam , thousands of others will have problems. The isp mail servers also . Adding a small weight can do the job :) Rifat Levis ----- Original Message ----- From: "Dan Patnode" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, July 19, 2003 12:40 AM Subject: Re: [Declude.JunkMail] DNS Test? Can't wait for this one! On Friday, July 18, 2003 11:10, R. Scott Perry <[EMAIL PROTECTED]> wrote: > >>I have been looking at this trend and perhaps having another tool in >>our arsenal could help. >> >>Can there be a header or a variable we can assign weight to for DNS? >> >>A lot of spam houses have a DNS server and several that I checked were >>showing the same name server for their domains. >> >>Just like a blacklist that looks at emails I wonder if it is efficient >>use of resources if one could also have a blacklist of DNS servers. >>This way we can add weight to certain servers. > >This is an interesting idea. It's been added to the suggestion >database. It would be a bit tricky to implement, but could be very >useful (and would probably not require much extra in the way of >resources). > > -Scott >--- >Declude JunkMail: The advanced anti-spam solution for IMail >mailservers. Declude Virus: Catches known viruses and is the leader in >mailserver vulnerability detection. Find out what you have been >missing: Ask for a free 30-day evaluation. > >--- >[This E-mail was scanned for viruses by Declude Virus >(http://www.declude.com)] > >--- >This E-mail came from the Declude.JunkMail mailing list. To >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type >"unsubscribe Declude.JunkMail". The archives can be found at >http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
