We maintain a filter file for many of the major tests, including REVDNS, so
we can credit domains or addresses that fail a specific test.  This is a
much narrower way to credit than a whitelist, as it only credits if the
message failed the test to begin with.

Darin.


----- Original Message ----- 
From: "Goran Jovanovic" <[EMAIL PROTECTED]>
To: <Declude.JunkMail@declude.com>
Sent: Thursday, September 08, 2005 11:32 AM
Subject: [Declude.JunkMail] How to credit a domain


Hi all,

I get messages like this all the time and I am always in a dilemma on
what to do about them. This is a legit mail that scored 10 (where I
start tagging mail).

-------------------------------------------------------------------------
Received: from mx.dstsystems.com [204.167.177.68] by
mail1.gonetworks.net with ESMTP (SMTPD32-8.13) id AAD8195300F2; Wed, 07
Sep 2005 15:09:12 -0400

X-RBL-Warning: HELOBOGUS: Domain mx.dstsystems.com has no MX or A
records [0301].

X-Declude-Sender: [EMAIL PROTECTED] [204.167.177.68]

X-Note: Reverse DNS:  Sent from dstsys-cp.dstsystems.com
([204.167.177.68]).

X-Note: Tests Failed: CMDSPACE [8], HELOBOGUS [5], NOLEGITCONTENT [0],
SIZE-S [0]
-------------------------------------------------------------------------

So this mail came from domain dstsystems.com on the IP 204.167.177.68
but it is from domain ifdsgroup.com. Now my preferred method of dealing
with this type of problem is to credit based on REVDNS. Again in this
case there is a good REVDNS but it is not from the same domain as the
MAILFROM (if it was then I would have no problem in crediting the
REVDNS).

So is there a way to figure out if dstsystems.com is an e-mail hosting
company and then I would not want to credit the REVDNS as I do not know
what other domains they host.

If I cannot figure out the link then I would not credit REVDNS and would
move to step 2. Credit HELO. HELOs can be spoofed but in this case the
HELO is basically the same as the REVDNS.

Next step is crediting MAILFROM. This I can do with the ifdsgroup.com
and lower the score for e-mail from this domain. Again it can be spoofed
but ...

I would prefer to credit REVDNS as that cannot be spoofed but I am leery
of crediting an "unknown" domain when it does not relate to the MAILFROM
address.

Any thoughts on how (if possible) to connect the two domains? Or do I
simply drop down to option 3 and credit MAILFROM? I suppose that I could
try and figure out the admin responsible for dstsystems.com and tell
them to fix the HELOBOGUS error in which case my problems would (mostly)
go away.

Any thoughts and comments are appreciated.

Thanks


     Goran Jovanovic
     The LAN Shoppe
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.
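
Added example, not part of either message and not Declude filter-file syntax: a Python sketch of the test-conditional credit described in the reply, run over the X- headers quoted in the question. The credit table, its -5 value, and the function names are assumptions made for illustration.

```python
import re

# Constructed sample: the X- headers quoted in the question, unfolded.
SAMPLE_HEADERS = """\
X-RBL-Warning: HELOBOGUS: Domain mx.dstsystems.com has no MX or A records [0301].
X-Note: Reverse DNS:  Sent from dstsys-cp.dstsystems.com ([204.167.177.68]).
X-Note: Tests Failed: CMDSPACE [8], HELOBOGUS [5], NOLEGITCONTENT [0], SIZE-S [0]
"""

# Hypothetical credit table: (test that must have failed, rDNS suffix, credit).
CREDITS = [("HELOBOGUS", ".dstsystems.com", -5)]


def parse(headers):
    """Return (rdns_host, {test_name: weight}) from Declude-style X- headers."""
    rdns = re.search(r"Reverse DNS:\s+Sent from (\S+)", headers)
    tests = re.search(r"Tests Failed:\s*(.*)", headers)
    failed = {}
    if tests:
        for name, weight in re.findall(r"([A-Z0-9-]+) \[(-?\d+)\]", tests.group(1)):
            failed[name] = int(weight)
    host = rdns.group(1).lower().rstrip(".") if rdns else None
    return host, failed


def suffix_match(host, suffix):
    """Match on a DNS label boundary, so notdstsystems.com does not qualify."""
    return host is not None and ("." + host).endswith(suffix)


def credit_for(headers, credits=CREDITS):
    """Total credit: an entry applies only if its test failed AND rDNS matches."""
    host, failed = parse(headers)
    total = 0
    for test, suffix, credit in credits:
        if test in failed and suffix_match(host, suffix):
            total += credit
    return total


if __name__ == "__main__":
    print(parse(SAMPLE_HEADERS))
    print(credit_for(SAMPLE_HEADERS))
```

A whitelist entry for the same rDNS suffix would lower the score of every message from that host; here a message that passes HELOBOGUS gets no credit at all.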
