RE: [Declude.JunkMail] Novice question, weight gain

2003-07-09 Thread Nathan Fouarge
Please remember to restart the services too...  :)  Glad I could help.

 


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mike Kruidhof
Sent: Wednesday, July 09, 2003 12:38 PM
To: [EMAIL PROTECTED]

Scott,

I understand your point but would it be possible to do a DNS lookup on the
RDNS hostname.
The IP address that is returned should match the IP address that they used.
In your case it would match, but in this case 93.9.60.65.in-addr.arpa does
not even have an record.  I am looking for a way to validate the RDNS
hostname.

Thanks again for your quick response,

Mike Kruidhof
Cooking.com, Inc.

>
>>How can I add a weight to this email message?
>>--
>>Received: from airip2.emailvalues.com [65.60.9.93] by mx2.cooking.com
>>  (SMTPD32-7.07) id AC6A688008A; Tue, 08 Jul 2003 12:32:58 -0700
>>
>>The REVDNS hostname is 93.9.60.65.in-addr.arpa, Yes, they have a RDNS 
>>entry but it does not match the HELO hostname or is a legitimate 
>>value.  I would like to add a value when this happens.  As more 
>>spammers realize that they have to create a RDNS entry we need to have 
>>a way to verify that it is a correct value.
>
>The problem is determining whether or not it is a correct value.  For 
>example, our mailserver has a reverse DNS entry that doesn't correspond 
>to any of the domains that we send from.  Even if it did, would the 
>HELO/EHLO our mailserver sends have to be the same for all domains, 
>just so that it will match the reverse DNS entry?  It gets difficult 
>doing matching like this, unfortunately.
>
>>Should I start a private blacklist?  I am trying to keep this low maintenance.
>
>That may be the best thing to do here.  I'm guessing that this is an 
>E-mail that resulted from the address being supplied to a company 
>without checking the "Do not send me any partner offers" box.  This 
>type of E-mail can technically be considered solicited, which makes it 
>unlikely that their IP will get listed in many spam databases.  For 
>this type of E-mail, you often have to create your own blacklist (or 
>unsubscribe, which often works for this type of E-mail).
>
>  -Scott
>---
>Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
>Declude Virus: Catches known viruses and is the leader in mailserver 
>vulnerability detection.
>Find out what you have been missing: Ask for a free 30-day evaluation.
>
>---
>[This E-mail was scanned for viruses by Declude Virus 
>(http://www.declude.com)]
>
>---
>This E-mail came from the Declude.JunkMail mailing list.  To 
>unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type 
>"unsubscribe Declude.JunkMail".  The archives can be found at 
>http://www.mail-archive.com.





Re: [Declude.JunkMail] Novice question, weight gain

2003-07-09 Thread R. Scott Perry

>I understand your point but would it be possible to do a DNS lookup on the
>RDNS hostname.
>The IP address that is returned should match the IP address that they used.
>In your case it would match, but in this case 93.9.60.65.in-addr.arpa does
>not even have an record.  I am looking for a way to validate the RDNS hostname.

We are looking into the possibility of adding a test to verify that reverse
DNS entries have A records pointing back to the original IP.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you have been missing: Ask for a free 30-day evaluation.
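
The test discussed in the message above (a reverse DNS name must have an A record pointing back to the connecting IP) is commonly called forward-confirmed reverse DNS. The following Python sketch is an added example, not Declude's code and not part of the original thread; the DNS answers, verdict names and weights are constructed for illustration.

```python
import ipaddress
import socket

# Constructed DNS answers, not real lookups. The first PTR entry mirrors the
# thread: the "hostname" is the reverse name itself and it has no A record.
PTR = {
    "65.60.9.93": ["93.9.60.65.in-addr.arpa"],
    "192.0.2.25": ["mail.hosting.example."],
    "198.51.100.7": ["mx.bank.example"],
}
A = {"mail.hosting.example": ["192.0.2.25"], "mx.bank.example": ["203.0.113.9"]}
WEIGHTS = {"confirmed": 0, "unconfirmed": 5, "no_ptr": 3}  # hypothetical scale

def live_ptr(ip):
    """PTR names for ip from the system resolver ([] when there are none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def live_addrs(host):
    """A/AAAA addresses for host from the system resolver."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(host, None)]
    except (OSError, UnicodeError):
        return []

def sample_ptr(ip):
    return PTR.get(ip, [])

def sample_addrs(host):
    return A.get(host, [])

def fcrdns(ip, ptr=live_ptr, addrs=live_addrs):
    """Return (verdict, hostname): does any PTR name resolve back to ip?"""
    want = ipaddress.ip_address(ip)
    names = [n.rstrip(".").lower() for n in ptr(ip)]
    if not names:
        return "no_ptr", None
    for host in names:
        if any(ipaddress.ip_address(a) == want for a in addrs(host)):
            return "confirmed", host
    return "unconfirmed", None

def weight(ip, ptr=live_ptr, addrs=live_addrs):
    """Spam weight to add for ip, looked up from the verdict."""
    return WEIGHTS[fcrdns(ip, ptr, addrs)[0]]
```

The check compares only the connecting IP with the forward lookup of its own PTR name; HELO and sender domains are not consulted, so a mailserver whose reverse DNS name matches none of its sending domains still passes.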



Re: [Declude.JunkMail] Novice question, weight gain

2003-07-09 Thread Mike Kruidhof
Scott,

I understand your point but would it be possible to do a DNS lookup on the RDNS 
hostname.
The IP address that is returned should match the IP address that they used.
In your case it would match, but in this case 93.9.60.65.in-addr.arpa does not even 
have an record.  I am looking for a way to validate the RDNS hostname.

Thanks again for your quick response,

Mike Kruidhof
Cooking.com, Inc.

>
>>How can I add a weight to this email message?
>>--
>>Received: from airip2.emailvalues.com [65.60.9.93] by mx2.cooking.com
>>  (SMTPD32-7.07) id AC6A688008A; Tue, 08 Jul 2003 12:32:58 -0700
>>
>>The REVDNS hostname is 93.9.60.65.in-addr.arpa, Yes, they have a RDNS
>>entry but it does not match the HELO hostname or is a legitimate value.  I
>>would like to add a value when this happens.  As more spammers realize
>>that they have to create a RDNS entry we need to have a way to verify that
>>it is a correct value.
>
>The problem is determining whether or not it is a correct value.  For
>example, our mailserver has a reverse DNS entry that doesn't correspond to
>any of the domains that we send from.  Even if it did, would the HELO/EHLO
>our mailserver sends have to be the same for all domains, just so that it
>will match the reverse DNS entry?  It gets difficult doing matching like
>this, unfortunately.
>
>>Should I start a private blacklist?  I am trying to keep this low maintenance.
>
>That may be the best thing to do here.  I'm guessing that this is an E-mail
>that resulted from the address being supplied to a company without checking
>the "Do not send me any partner offers" box.  This type of E-mail can
>technically be considered solicited, which makes it unlikely that their IP
>will get listed in many spam databases.  For this type of E-mail, you often
>have to create your own blacklist (or unsubscribe, which often works for
>this type of E-mail).
>
>  -Scott
>---
>Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
>Declude Virus: Catches known viruses and is the leader in mailserver
>vulnerability detection.
>Find out what you have been missing: Ask for a free 30-day evaluation.
>


Re: [Declude.JunkMail] Novice question, weight gain

2003-07-09 Thread R. Scott Perry

>How can I add a weight to this email message?
>--
>Received: from airip2.emailvalues.com [65.60.9.93] by mx2.cooking.com
>  (SMTPD32-7.07) id AC6A688008A; Tue, 08 Jul 2003 12:32:58 -0700
>
>The REVDNS hostname is 93.9.60.65.in-addr.arpa, Yes, they have a RDNS
>entry but it does not match the HELO hostname or is a legitimate value.  I
>would like to add a value when this happens.  As more spammers realize
>that they have to create a RDNS entry we need to have a way to verify that
>it is a correct value.

The problem is determining whether or not it is a correct value.  For
example, our mailserver has a reverse DNS entry that doesn't correspond to
any of the domains that we send from.  Even if it did, would the HELO/EHLO
our mailserver sends have to be the same for all domains, just so that it
will match the reverse DNS entry?  It gets difficult doing matching like
this, unfortunately.

>Should I start a private blacklist?  I am trying to keep this low maintenance.

That may be the best thing to do here.  I'm guessing that this is an E-mail
that resulted from the address being supplied to a company without checking
the "Do not send me any partner offers" box.  This type of E-mail can
technically be considered solicited, which makes it unlikely that their IP
will get listed in many spam databases.  For this type of E-mail, you often
have to create your own blacklist (or unsubscribe, which often works for
this type of E-mail).

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you have been missing: Ask for a free 30-day evaluation.



[Declude.JunkMail] Novice question, weight gain

2003-07-09 Thread Mike Kruidhof
Scott,

How can I add a weight to this email message?
--
Received: from airip2.emailvalues.com [65.60.9.93] by mx2.cooking.com
  (SMTPD32-7.07) id AC6A688008A; Tue, 08 Jul 2003 12:32:58 -0700
From: Weight Loss <[EMAIL PROTECTED]>
Subject: It's not a diet, it's a patch!
To: [EMAIL PROTECTED]
X-Mailer: 3.1.76-XP/NG [Jun 30 2003, 07:15:19]
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="105769106248969";
 class-id=1:8SLss98ttYhD478tS:447028
Date: Tue, 8 Jul 2003 14:33:17 CST
Message-ID: <[EMAIL PROTECTED]>
X-RBL-Warning: SPAMCOP: Blocked - see http://spamcop.net/bl.shtml?65.60.9.93
X-Declude-Sender: [EMAIL PROTECTED] [65.60.9.93]
X-Declude-Spoolname: D1c6a0688008ab2d4.SMD
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam.
X-Spam-Tests-Failed: [Spam:7] SPAMCOP, IPNOTINMX
X-Country-Chain: UNITED STATES->destination
X-Note: This E-mail was sent from 93.9.60.65.in-addr.arpa ([65.60.9.93]).
X-Spam-Prob: 0.973329
X-RCPT-TO: <[EMAIL PROTECTED]>
Status: U
X-UIDL: 350342350
---

The REVDNS hostname is 93.9.60.65.in-addr.arpa, Yes, they have a RDNS entry but it 
does not match the HELO hostname or is a legitimate value.  I would like to add a 
value when this happens.  As more spammers realize that they have to create a RDNS 
entry we need to have a way to verify that it is a correct value.

Should I start a private blacklist?  I am trying to keep this low maintenance.

Thanks,

Mike Kruidhof
Cooking.com, Inc.


