Re: A new paradigm for DNS based lists
On ons 29 dec 2010 18:24:00 CET, Matt wrote So any email from hotmail.com, gmail.com, yahoo.com, etc. if there SPF or DKIM passes skip any further DNS tests? blind testing if sender is one of them, dont do more mta testing ? if wanting to reduce load on sa then whitelist from spf or dkim, and based on that shortcicuit future sa testing, just dont whitelist with vildcards -- xpoint http://www.unicom.com/pw/reply-to-harmful.html
Re: A new paradigm for DNS based lists
On ons 29 dec 2010 18:33:25 CET, Marc Perkel wrote I would skip test if they have SPF because spammers often set their SPF correctly. stop this throlling, spammers dont add whitelist_from_spf into spamassassin -- xpoint http://www.unicom.com/pw/reply-to-harmful.html
Re: A new paradigm for DNS based lists
Could a similiar thing be accomplished with a simple list of free email provider etc. domains and checking there SPF or DKIM records and if they pass bypassing any other DNS lists? So any email from hotmail.com, gmail.com, yahoo.com, etc. if there SPF or DKIM passes skip any further DNS tests?
Re: A new paradigm for DNS based lists
On 12/29/2010 9:24 AM, Matt wrote: So any email from hotmail.com, gmail.com, yahoo.com, etc. if there SPF or DKIM passes skip any further DNS tests? Yes - there's no point in doing DNS blacklist lookups on yahoo, hotmail, and gmail as well as thousands of other mixed source providers. The IP tells you nothing. That's why I suggest the yellow listing. I would skip test if they have SPF because spammers often set their SPF correctly. -- Marc Perkel - Sales/Support supp...@junkemailfilter.com http://www.junkemailfilter.com Junk Email Filter dot com 415-992-3400
Re: A new paradigm for DNS based lists
On 12/29/10 11:33 AM, Marc Perkel supp...@junkemailfilter.com wrote: On 12/29/2010 9:24 AM, Matt wrote: So any email from hotmail.com, gmail.com, yahoo.com, etc. if there SPF or DKIM passes skip any further DNS tests? Yes - there's no point in doing DNS blacklist lookups on yahoo, hotmail, and gmail as well as thousands of other mixed source providers. The IP tells you nothing. That's why I suggest the yellow listing. There may be no reason to check the last-external address, but plenty of reasons to do deep parsing and check the original source address or some intermediate relay. I would skip test if they have SPF because spammers often set their SPF correctly. Please stop talking about SPF until you understand the purpose for which it is intended, which you obviously still don't based on this comment (despite the flame war over SPF you started a few weeks ago.) -- Daniel J McDonald, CCIE # 2495, CISSP # 78281
Re: A new paradigm for DNS based lists
On Wed, 29 Dec 2010 09:33:25 -0800 Marc Perkel supp...@junkemailfilter.com wrote: Yes - there's no point in doing DNS blacklist lookups on yahoo, hotmail, and gmail as well as thousands of other mixed source providers. I disagree. I have a strong feeling that some of those providers route less-trustworthy mail through certain IP addresses and more-trustworthy mail through others. For example, some of Yahoo's servers are listed in our good list while others are listed in our bad list. The difference in observed behaviour between the two sets of Yahoo servers is very dramatic. We don't outright block hosts in the bad list, but we do add points. Regards, David.
Re: A new paradigm for DNS based lists
On 12/29/2010 11:10 AM, David F. Skoll wrote: On Wed, 29 Dec 2010 09:33:25 -0800 Marc Perkelsupp...@junkemailfilter.com wrote: Yes - there's no point in doing DNS blacklist lookups on yahoo, hotmail, and gmail as well as thousands of other mixed source providers. I disagree. I have a strong feeling that some of those providers route less-trustworthy mail through certain IP addresses and more-trustworthy mail through others. For example, some of Yahoo's servers are listed in our good list while others are listed in our bad list. The difference in observed behaviour between the two sets of Yahoo servers is very dramatic. We don't outright block hosts in the bad list, but we do add points. Regards, David. Hi David, My idea doesn't preclude you from having a bad yahoo list and adding points. I'm just saying that when it comes to checking other blacklists to see if any yahoo server is listed it's a waste of resources. If it's a yahoo server of any flavore why look it up on the blacklists? -- Marc Perkel - Sales/Support supp...@junkemailfilter.com http://www.junkemailfilter.com Junk Email Filter dot com 415-992-3400
Re: A new paradigm for DNS based lists
On 2010-12-29 20:50, Marc Perkel wrote: On 12/29/2010 11:10 AM, David F. Skoll wrote: On Wed, 29 Dec 2010 09:33:25 -0800 Marc Perkelsupp...@junkemailfilter.com wrote: Yes - there's no point in doing DNS blacklist lookups on yahoo, hotmail, and gmail as well as thousands of other mixed source providers. I disagree. I have a strong feeling that some of those providers route less-trustworthy mail through certain IP addresses and more-trustworthy mail through others. For example, some of Yahoo's servers are listed in our good list while others are listed in our bad list. The difference in observed behaviour between the two sets of Yahoo servers is very dramatic. We don't outright block hosts in the bad list, but we do add points. Regards, David. Hi David, My idea doesn't preclude you from having a bad yahoo list and adding points. I'm just saying that when it comes to checking other blacklists to see if any yahoo server is listed it's a waste of resources. If it's a yahoo server of any flavore why look it up on the blacklists? coz we can't be bothered to do otherwise?
Re: A new paradigm for DNS based lists
On Wed, 29 Dec 2010 11:50:56 -0800 Marc Perkel supp...@junkemailfilter.com wrote: My idea doesn't preclude you from having a bad yahoo list and adding points. I'm just saying that when it comes to checking other blacklists to see if any yahoo server is listed it's a waste of resources. If it's a yahoo server of any flavore why look it up on the blacklists? Well, if you use our DNSBL, you'll find some Yahoo servers listed as bad and some as good. (Our DNSBL is not publicly available, but in principle there could be a trustworthy publicly-available list that uses the same listing criteria as ours.) Giving Hotmail, Yahoo, etc. servers a free pass will simply shift spammer economics in favour of CAPTCHA-breaking and/or phishing to obtain freemail credentials. That won't do anyone any good. Regards, David.