I know it's tough in situations like this especially when they do not have PTR's. Personally I very rarely will ever whitelist anything. I do in very sparingly cases have a filter where I will add a domain that will subtract weight.
If that email below also failed due to lines in one of your filter files than you will need to look at those filters and make sure they are not too aggressive or generic. Darrell ------------------------------------------- Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. ----- Original Message ----- From: "Goran Jovanovic" <[EMAIL PROTECTED]> To: <[email protected]> Sent: Saturday, February 12, 2005 5:18 PM Subject: RE: [Declude.JunkMail] Thoughts on Filtering/Whitelisting Darrell, That may be what I do but here is another legitimate one From: [EMAIL PROTECTED] Received: from moonhttp13 [69.90.216.36] And No PTR records exist for 69.90.216.36 So this one would not work in your scheme and I would have to whitelist @puretracks.com as I am not going to whitelist the IP since I don't have a clue what it is. Goran Jovanovic The LAN Shoppe > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) > Sent: Saturday, February 12, 2005 4:45 PM > To: [email protected] > Subject: Re: [Declude.JunkMail] Thoughts on Filtering/Whitelisting > > Goran, > > I actually use reverse dns filters to address stuff like this. It allows > them (remote domain) to move to new IP addresses and as long as they keep > up > their PTR we are all set. > > REVDNS -30 ENDSWITH .ipswitch.com > > Darrell > > ------------------------------------------- > Check out http://www.invariantsystems.com for utilities for Declude And > Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, > MRTG > Integration, and Log Parsers. > ----- Original Message ----- > From: "Goran Jovanovic" <[EMAIL PROTECTED]> > To: <[email protected]> > Sent: Saturday, February 12, 2005 4:11 PM > Subject: [Declude.JunkMail] Thoughts on Filtering/Whitelisting > > > Hi all, > > I have a Nigerian SCAM filter (from Kami) which has a test for > > solicitation of an offer > > and weights it at 20. > > Now it turns out that Scotia Capital has a disclaimer on all their > outgoing e-mail with that phrase in it. So I see that I have a couple of > options and I am not really sure what would be best. > > 1) I could remove the phrase from the Nigerian filter. This would solve > the Scotia Capital problem but perhaps let through Nigerian scam > letters. > > 2) Leave the filter in but credit a HELO -20 CONTAINS ScotiaCapital.com > > 3) Create a global whitelist that all my domains would look at and put > @ScotiaCapital.com in the whitelist file. Obviously this would open my > domains up to spoofed e-mail/spam > > 4) I suppose I could whitelist the IP address but that would leave me > managing IP addresses and if they changed then my whitelisting would > break. > > I would be tempted to implement #1 as it is simple but I could let > unknown amounts of SPAM through based on that phrase. > > #2 looks good and this process could be extended to other domains that > are mis-configured and fail HELOBOGUS etc. > > #3 will allow me to start applying "whitelist" requests from one domain > to all domains if they are legitimate requests. There is a government > list that already is in 2 domain's whitelists as both are accountants. > > #4 is not very appealing to me as the IP can change at any time > > So does anyone have another way to do this or would you pick options 1, > 2, 3, or 4 and why. > > Thanx > > > Goran Jovanovic > The LAN Shoppe > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
