> It's also important to realize the purpose of the HELOBOGUS test. It
> isn't  designed  primarily  to catch spammers. It's designed to help
> detect poorly administered mailservers -- ones that are likely to be
> abused  by spammers.

True,   but   if  you're  using  HELOBOGUS  for  anything  other  than
advertising to your clients' clients--which Declude is definitely good
for  :)--you're  giving  it  a weight, so you are using it not only as
community outreach, but as a spam test.

> And those Fortune 500 companies that have their mailserver advertise
> itself  with  a  name  other  than what it really is, well, they are
> running mailservers that are poorly administered.

I  have  zero  respect for people who think they're too big to change:
CitiGroup  actually has a stated policy that they "do not make changes
for  outside  companies"  or  suchlike, which they use to avoid fixing
problems   they   don't   really   understand.   But   we  can't  have
zero-tolerance  for HELOBOGUS in practical terms, since we risk losing
clients by losing their clients, and the more hoops it takes to get to
an  IT  group,  the  more  annoyed everyone becomes (even if their own
bureaucracy is at fault).

> But  if  you  don't  penalize  them,  they  will definitely continue
> bending the rules too far, which helps increase spam.

Yes,  something  must  actually break, even if it just means that they
consistently trip the weekly ALERT threshold. But again, speaking from
a   combo   of   experience  and  my  own  grudges,  a  dead  HELO  of
'www03.example.com' is a lot less likely to get fixed than a dead HELO
of  just  'mail.'  Even  the  stupid  mail  admin can see and fix some
problems  with  the  latter,  while  the  former  will  likely involve
contacting  the much-feared DNS group, blah blah blah. And when people
do  ask us how to fix pass a "looser" test, we will of course continue
to  say  that  a  published  FQHN  is  required,  still  spreading the
"tighter" word to those admins.

We're  pretty  strict on our own. SPAManager, for example, was not our
idea.  But  clients  dictate  varying  tolerances.  Something that has
surprised  me  is  how  likely  difficult  internal  users are to have
irascible,   irrational   external  contacts/friends--self-evident,  I
suppose,  but  the  parity  is  just uncanny sometimes! At any rate, a
looser  HELOBOGUS option (maybe a separate test completely, now that I
think  about  it, to enable varying weights) would make HELOBOGUS less
of a liability for us.

>>But  I  WOULD  use  a  negative  test  in  the  style  of IPNOTINMX,
>>"rewarding"  a site slightly for having the ability, experience, and
>>control to match the two and hopefully combatting some FPs.

> Aha -- like the IPNOTINMX test.  That's a good idea.

Glad  you  agree  there!  I  think  the  two  tests  (exact  match and
parent/grandparent domain match) would be perfect.

-Sandy

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

Reply via email to