Oops, my bad, the 224 is a reference to your class B.  That is dumb, but at least they didn't make it look like a dial-up IP.  You still wouldn't score though :)

Matt



Matthew Bramble wrote:
Actually, you don't get scored with this filter.  You would need to have dashes or dots on both sides of a number.  Even if you did, you would have a real tough time scoring anything over 1 coming to my machine.  Your mileage may vary of course.

Also, I can't see why it would be even workable to tag frame or T-1's with an IP address in the reverse.  Too many such clients use full class C's and the practice of using numbered naming conventions in dial-up because they're fixed and easy to identify (i.e. they don't have to assign new names upon request).  The only thing that might match your IP in that reverse entry is the 88, not the 224; that's probably a reference to a customer number or region so they can look you up in a database, I'm guessing.

Matt


Todd Holt wrote:

Joshua makes a great case for how to adjust the weighting system.  However, I think the initial test assumptions are flawed.

 

Case in point:

As Joshua correctly noted, our RDNS is las-DSL224-cust088.mpowercom.net.  However, we are on a T-1 line from MPower.  Now I agree that MPower is to blame for incorrectly specifying (IMHO) the RDNS entry.  Nonetheless, I am powerless (as much as I have tried) to get MPower to change this policy/procedure.  The result is that your test is throwing points towards me for being a DSL connection and I’m not even connecting with DSL!

 

I wish, as much as everyone else, that the RDNS entries were more accurate, but they aren’t.  And they cannot be trusted to give the information you're seeking from them.  This is the same discussion we had when AOL started filtering on DSL connections.  I think the test is likely to produce sporadic (hopefully very few), but important false positives.  I hope no one is deleting messages that contain points from this test.

 

Todd Holt

Xidix Technologies, Inc

Las Vegas, NV  USA

www.xidix.com

 

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Joshua Levitsky
Sent: Wednesday, September 17, 2003 5:02 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] DYNAMIC - 09/17/2003 - A new filter to detect IP'd reverse DNS entries

 


On Sep 17, 2003, at 7:31 PM, Todd Holt wrote:

1. Can this filter distinguish between ADSL and SDSL? If not, is this acceptable?
2. Is the filter doing this?
3. Are there any unique instructions for doing this?


88.224.57.208.in-addr.arpa. 604800 IN PTR las-DSL224-cust088.mpowercom.net

In the case of your mail.xidix.com, you would not fail that test because they made your PTR have DSL224- rather than -224- where it would have failed. I don't know if this was on purpose in Matthew's filter or not.

I do see benefit in giving some points to a PTR like yours just like I throw points at CHINA or BRAZIL when I actually do get legit mail from Brazil, but I find my legit Brazil email doesn't get enough points to be blocked, and sometimes throwing some points at Brazil can help to catch spam that would not be otherwise. By the same token I would not block DSL like yours, but I would give a couple of points simply to make the other tests more sensitive because then it would take less for you to hit my threshold. I have plenty of mail that has 5 or 6 points and is perfectly legit, and that's fine as long as legit mail doesn't get 50 or 60 points.

-Josh
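
As an added illustration of the rule discussed in this thread (not part of any message, and not Declude's or Matthew's actual filter), the Python sketch below assumes the test looks for a number with a dash or dot on both sides of it, and runs that against the PTR record quoted above. The function names and the `example.net` hostname are hypothetical.

```python
import re

# Assumption: "dashes or dots on both sides of a number", as the thread puts it.
DELIMITED_NUMBER = re.compile(r"(?<=[-.])\d+(?=[-.])")
ANY_NUMBER = re.compile(r"\d+")


def ip_from_arpa(owner):
    """Turn '88.224.57.208.in-addr.arpa.' into '208.57.224.88'."""
    name = owner.rstrip(".").lower()
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        raise ValueError("not an in-addr.arpa name: %r" % owner)
    octets = name[: -len(suffix)].split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) < 256 for o in octets):
        raise ValueError("malformed in-addr.arpa name: %r" % owner)
    return ".".join(reversed(octets))


def analyse_ptr(ip, ptr):
    """Report which numbers in a PTR target the delimiter rule would see."""
    host = ptr.rstrip(".").lower()
    octets = {int(o) for o in ip.split(".")}
    delimited = DELIMITED_NUMBER.findall(host)
    # Octets of the connecting IP that appear anywhere in the name,
    # including zero-padded or letter-prefixed forms such as 'cust088'.
    embedded = [n for n in ANY_NUMBER.findall(host) if int(n) in octets]
    return {
        "delimited": delimited,        # numbers the rule can match
        "embedded_octets": embedded,   # IP octets present in any form
        "rule_hit": bool(delimited),
    }


if __name__ == "__main__":
    # Record quoted in the thread.
    ip = ip_from_arpa("88.224.57.208.in-addr.arpa.")
    print(ip, analyse_ptr(ip, "las-DSL224-cust088.mpowercom.net"))
    # Constructed hostname that spells the address out with dashes.
    print(analyse_ptr(ip, "dsl-208-57-224-88.example.net"))
```

In this sketch any dash- or dot-delimited number counts, whether or not it is an octet of the connecting address, so a hit is better treated as a few points of weight than as a verdict.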

