Hi, Goran.

I like to counterweight based on their IP for a couple of reasons.  The
first is that if their administration is not up to par (so that I have
to counterweight them), the odds are good that their revdns is flawed or
that their DNS is subject to timeouts.

I also find that, as a practical matter, a company is as likely to
change their IP as their revdns so neither is more "stable" than the
other.

Third, a lot of the companies with this kind of problem also fail REVDNS
anyway!

Last, larger companies can sometimes easily be spotted in SenderBase.org
as having all of their mailhosts on a small subnet and I can use a
REMOTEIP CIDR mask.

Andrew 8)



> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> Goran Jovanovic
> Sent: Thursday, September 08, 2005 9:22 AM
> To: Declude.JunkMail@declude.com
> Subject: RE: [Declude.JunkMail] How to credit a domain
> 
> Andrew,
> 
> Why would you counterweight their IP and not the REVDNS? It 
> seems that it is basically the same thing?
> 
>  
>      Goran Jovanovic
>      The LAN Shoppe
> 
>  
> 
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- 
> > [EMAIL PROTECTED] On Behalf Of Colbeck, Andrew
> > Sent: Thursday, September 08, 2005 11:52 AM
> > To: Declude.JunkMail@declude.com
> > Subject: RE: [Declude.JunkMail] How to credit a domain
> > 
> > Goran, I have consistently found that providers that handle mail for
> > other companies are reliable enough that I can merely counterweight
> > their IP.  I hardly ever trust their reverse DNS, and even less often
> > the HELO.
> > 
> > I have a last resort test where I have a mixed bag of counterweights.
> > 
> > Andrew 8)
> > 
> > 
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED] On Behalf Of Goran 
> > > Jovanovic
> > > Sent: Thursday, September 08, 2005 8:33 AM
> > > To: Declude.JunkMail@declude.com
> > > Subject: [Declude.JunkMail] How to credit a domain
> > >
> > > Hi all,
> > >
> > > I get messages like this all the time and I am always in a dilemma
> > > on what to do about them. This is a legit mail that scored 10 (where
> > > I start tagging mail).
> > >
> > > -------------------------------------------------------------------------
> > > Received: from mx.dstsystems.com [204.167.177.68] by
> > > mail1.gonetworks.net with ESMTP (SMTPD32-8.13) id AAD8195300F2; Wed,
> > > 07 Sep 2005 15:09:12 -0400
> > >
> > > X-RBL-Warning: HELOBOGUS: Domain mx.dstsystems.com has no MX or A 
> > > records [0301].
> > >
> > > X-Declude-Sender: [EMAIL PROTECTED] [204.167.177.68]
> > >
> > > X-Note: Reverse DNS:  Sent from dstsys-cp.dstsystems.com 
> > > ([204.167.177.68]).
> > >
> > > X-Note: Tests Failed: CMDSPACE [8], HELOBOGUS [5], NOLEGITCONTENT 
> > > [0], SIZE-S [0]
> > > -------------------------------------------------------------------------
> > >
> > > So this mail came from domain dstsystems.com on the IP
> > > 204.167.177.68 but it is from domain ifdsgroup.com. Now my preferred
> > > method of dealing with this type of problem is to credit based on
> > > REVDNS. Again in this case there is a good REVDNS but it is not from
> > > the same domain as the MAILFROM (if it was then I would have no
> > > problem in crediting the REVDNS).
> > >
> > > So is there a way to figure out if dstsystems.com is an e-mail
> > > hosting company and then I would not want to credit the REVDNS as I
> > > do not know what other domains they host.
> > >
> > > If I cannot figure out the link then I would not credit REVDNS and
> > > would move to step 2. Credit HELO. HELOs can be spoofed but in this
> > > case the HELO is basically the same as the REVDNS.
> > >
> > > Next step is crediting MAILFROM. This I can do with the
> > > ifdsgroup.com and lower the score for e-mail from this domain. Again
> > > it can be spoofed but ...
> > >
> > > I would prefer to credit REVDNS as that cannot be spoofed but I am
> > > leery of crediting an "unknown" domain when it does not relate to
> > > the MAILFROM address.
> > >
> > > Any thoughts on how (if possible) to connect the two domains?
> > > Or do I simply drop down to option 3 and credit MAILFROM? I suppose
> > > that I could try and figure out the admin responsible for
> > > dstsystems.com and tell them to fix the HELOBOGUS error in which
> > > case my problems would (mostly) go away.
> > >
> > > Any thoughts and comments are appreciated.
> > >
> > > Thanks
> > >
> > >
> > >      Goran Jovanovic
> > >      The LAN Shoppe
> > > ---
> > > This E-mail came from the Declude.JunkMail mailing list.  To
> > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
> > > "unsubscribe Declude.JunkMail".  The archives can be found at
> > > http://www.mail-archive.com.
> > >
> 
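The trade-off discussed in this thread, as an added Python sketch that is not part of the original messages and is not Declude configuration syntax: a counterweight keyed on a REMOTEIP CIDR mask still applies when the PTR lookup times out, while a REVDNS counterweight cannot. The /28 mask, the -10 weights and all function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed counterweight tables. The /28 mask and the -10 weights are
# assumptions for illustration, not values taken from the thread.
IP_CREDITS = [(ipaddress.ip_network("204.167.177.64/28"), -10)]
REVDNS_CREDITS = [(".dstsystems.com", -10)]

# Header lines quoted in the thread (Received line unfolded).
SAMPLE_HEADERS = (
    "Received: from mx.dstsystems.com [204.167.177.68] by "
    "mail1.gonetworks.net with ESMTP (SMTPD32-8.13) id AAD8195300F2; "
    "Wed, 07 Sep 2005 15:09:12 -0400\n"
    "X-Note: Reverse DNS:  Sent from dstsys-cp.dstsystems.com "
    "([204.167.177.68]).\n"
)

_RECEIVED_IP = re.compile(r"^Received: from \S+ \[([0-9.]+)\]", re.M)


def remote_ip(headers):
    """Connecting IP as recorded by the receiving server, or None."""
    m = _RECEIVED_IP.search(headers)
    try:
        return ipaddress.ip_address(m.group(1)) if m else None
    except ValueError:
        return None


def ip_credit(ip):
    """Counterweight keyed on the remote IP; needs no DNS lookup."""
    return sum(w for net, w in IP_CREDITS if ip is not None and ip in net)


def revdns_credit(ptr):
    """Counterweight keyed on the PTR name; ptr is None when the lookup
    timed out or no PTR exists, so no credit can be applied."""
    if not ptr:
        return 0
    name = ptr.lower().rstrip(".")
    return sum(w for suffix, w in REVDNS_CREDITS if name.endswith(suffix))


def final_score(base, headers, ptr, by="ip"):
    """Score after crediting by 'ip' or by 'revdns'."""
    credit = ip_credit(remote_ip(headers)) if by == "ip" else revdns_credit(ptr)
    return base + credit
```
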