On 11/12/21 00:43, Loren Wilton wrote:
I have to admit I'd never paid much attention to the RCVD_IN_DNSWL_*
scores on spam before.
Looking at spam for last month, I don't have a single RCVD_IN_DNSWL_MED.
But I do have 12 pretty blatent spams that hit RCVD_IN_DNSWL_HI.
It makes me wonder just how useful a rule it is.
Especially when it includes sendgrid as part of the "HI" reputation
senders.
When I was using my provider DNS server, I started to receive a lot of
spam, mails were scored with RCVD_IN_DNSWL_HI=-5.
I turned out that most queries were resolved as 127.0.0.255 (BLOCKED),
but some of them as 127.0.10.3 (listed HI as "some special cases" category)
So you need to use your own DNS server and make sure you are below 100k
queries/day, or get a subscription. Otherwise spam occasionally starts
to get in.
Regards,
Łukasz