Yahoo - Can't figure out a server is down?

2017-03-04 Thread Rob Gunther 
We have run our servers with a decoy, our MX records have been like this
for 10+ years:

mx0.example.com
mx1.example.com
mx2.example.com

mx1 & mx2 are real servers.  mx0 is nothing, it points to an IP address
that is controlled by us but there is no server.

The concept being that some spammers attempt that server, get nothing and
don't bother trying any other server.

This has been fine for a decade.

In the last few weeks we are finding that SOME (but not all) of Yahoo's
outbound servers are not dealing with this correctly.

They don't try the other servers in the MX record list.  They continue to
try delivery for a few hours to mx0 and then return the following error to
the sender:

*Sorry, we were unable to deliver your message to the following address.*

*>:*
*Unable to deliver message after multiple retries, giving up.*

We have confirmed this with a few domains that we host so far, even setup a
brand new domain and server to to testing with to verify that our suspicion
was true, Yahoo is not correctly dropping down to lower priority servers
anymore.

Has anyone else seen this?


Rob

Detecting Valid Message Replies

2017-01-03 Thread Rob Gunther 
The other day I was thinking it would be cool if you could detect
legitimate replies to mail I send.

Everyone gets spam with subjects like this:

Re: some type of trash subject

Obviously those are not replies to a message you sent.

That got me thinking of ways to authenticate a legitimate reply to a
message I sent.

I came up with a concept called 'Authenticated Reply Detection'.

It uses the Message-ID header to encode some information when a message
goes out - no database or saving of Message-ID is required.

If/When a reply comes back the details from Message-ID come back in the
'In-Reply-To' header.  If validated the message is guaranteed to be a reply
to a message I sent, and spamassassin could adjust scoring accordingly.

Has anyone ever seen anything like that before for SA?  Does it exist
already or any type of plugin etc?


Regards,

Rob