Andrew, Why would you counterweight their IP and not the REVDNS? It seems that it is basically the same thing?
Goran Jovanovic The LAN Shoppe > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED] On Behalf Of Colbeck, Andrew > Sent: Thursday, September 08, 2005 11:52 AM > To: Declude.JunkMail@declude.com > Subject: RE: [Declude.JunkMail] How to credit a domain > > Goran, I have consistently found that providers that handle mail for > other companies are reliable enough that I can merely counterweight > their IP. I hardly ever trust their reverse DNS, and even less often > the HELO. > > I have a last resort test where I have a mixed bag of counterweights. > > Andrew 8) > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of > > Goran Jovanovic > > Sent: Thursday, September 08, 2005 8:33 AM > > To: Declude.JunkMail@declude.com > > Subject: [Declude.JunkMail] How to credit a domain > > > > Hi all, > > > > I get messages like this all the time and I am always in a > > dilemma on what to do about them. This is a legit mail that > > scored 10 (where I start tagging mail). > > > > -------------------------------------------------------------- > > ---------- > > - > > Received: from mx.dstsystems.com [204.167.177.68] by > > mail1.gonetworks.net with ESMTP (SMTPD32-8.13) id > > AAD8195300F2; Wed, 07 Sep 2005 15:09:12 -0400 > > > > X-RBL-Warning: HELOBOGUS: Domain mx.dstsystems.com has no MX > > or A records [0301]. > > > > X-Declude-Sender: [EMAIL PROTECTED] [204.167.177.68] > > > > X-Note: Reverse DNS: Sent from dstsys-cp.dstsystems.com > > ([204.167.177.68]). > > > > X-Note: Tests Failed: CMDSPACE [8], HELOBOGUS [5], > > NOLEGITCONTENT [0], SIZE-S [0] > > -------------------------------------------------------------- > > ---------- > > - > > > > So this mail came from domain dstsystems.com on the IP > > 204.167.177.68 but it is from domain ifdsgroup.com. Now my > > preferred method of dealing with this type of problem is to > > credit based on REVDNS. Again in this case there is a good > > REVDNS but it is not from the same domain as the MAILFROM (if > > it was then I would have no problem in crediting the REVDNS). > > > > So is there a way to figure out if dstsystems.com is a e-mail > > hosting company and then I would not want to credit the > > REVDNS as I do not know what other domains they host. > > > > If I cannot figure out the link then I would not credit > > REVDNS and would move to step 2. Credit HELO. HELOs can be > > spoofed but in this case the HELO is basically the same as the REVDNS. > > > > Next step is crediting MAILFROM. This I can do with the > > ifdsgroup.com and lower the score for e-mail from this > > domain. Again it can be spoofed but ... > > > > I would prefer to credit REVDNS as that cannot be spoofed but > > I am leery of crediting an "unknown" domain when it does not > > relate to the MAILFROM address. > > > > Any thoughts on how (if possible) to connect the two domains? > > Or do I simply drop down to option 3 and credit MAILFROM? I > > suppose that I could try and figure out the admin responsible > > for dstsystems.com and tell them to fix the HELOBOGUS error > > in which case my problems would (mostly) go away. > > > > Any thoughts and comments are appreciated. > > > > Thanks > > > > > > Goran Jovanovic > > The LAN Shoppe > > --- > > This E-mail came from the Declude.JunkMail mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > type "unsubscribe Declude.JunkMail". The archives can be > > found at http://www.mail-archive.com. > > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.