We maintain a filter file for many of the major tests, including REVDNS so we can credit domains or addresses that fail a specific test. This is a much narrower way to credit than a whitelist, as it only credits if the message failed the test to begin with.
Darin. ----- Original Message ----- From: "Goran Jovanovic" <[EMAIL PROTECTED]> To: <Declude.JunkMail@declude.com> Sent: Thursday, September 08, 2005 11:32 AM Subject: [Declude.JunkMail] How to credit a domain Hi all, I get messages like this all the time and I am always in a dilemma on what to do about them. This is a legit mail that scored 10 (where I start tagging mail). ------------------------------------------------------------------------ - Received: from mx.dstsystems.com [204.167.177.68] by mail1.gonetworks.net with ESMTP (SMTPD32-8.13) id AAD8195300F2; Wed, 07 Sep 2005 15:09:12 -0400 X-RBL-Warning: HELOBOGUS: Domain mx.dstsystems.com has no MX or A records [0301]. X-Declude-Sender: [EMAIL PROTECTED] [204.167.177.68] X-Note: Reverse DNS: Sent from dstsys-cp.dstsystems.com ([204.167.177.68]). X-Note: Tests Failed: CMDSPACE [8], HELOBOGUS [5], NOLEGITCONTENT [0], SIZE-S [0] ------------------------------------------------------------------------ - So this mail came from domain dstsystems.com on the IP 204.167.177.68 but it is from domain ifdsgroup.com. Now my preferred method of dealing with this type of problem is to credit based on REVDNS. Again in this case there is a good REVDNS but it is not from the same domain as the MAILFROM (if it was then I would have no problem in crediting the REVDNS). So is there a way to figure out if dstsystems.com is a e-mail hosting company and then I would not want to credit the REVDNS as I do not know what other domains they host. If I cannot figure out the link then I would not credit REVDNS and would move to step 2. Credit HELO. HELOs can be spoofed but in this case the HELO is basically the same as the REVDNS. Next step is crediting MAILFROM. This I can do with the ifdsgroup.com and lower the score for e-mail from this domain. Again it can be spoofed but ... I would prefer to credit REVDNS as that cannot be spoofed but I am leery of crediting an "unknown" domain when it does not relate to the MAILFROM address. Any thoughts on how (if possible) to connect the two domains? Or do I simply drop down to option 3 and credit MAILFROM? I suppose that I could try and figure out the admin responsible for dstsystems.com and tell them to fix the HELOBOGUS error in which case my problems would (mostly) go away. Any thoughts and comments are appreciated. Thanks Goran Jovanovic The LAN Shoppe --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.