Bill Landry wrote:
Marc Perkel wrote the following on 7/12/2007 7:19 PM -0800:
Meng Weng Wong wrote:
On Jul 12, 2007, at 9:15 AM, Marc Perkel wrote:
Need a rule written to take advantage of this trick and this could
be a major breakthrough in white listing.
Here's what it
John D. Hardin wrote:
On Thu, 12 Jul 2007, Marc Perkel wrote:
I'm just tired of having to deal with the bad side effects of SPF
and expainging to people that the can't use my spam filtering
unless they turn SPF off.
What's wrong with that? They are explicitly contracting with you
On Thu, 12 Jul 2007, Marc Perkel wrote:
I'm just tired of having to deal with the bad side effects of SPF
and expainging to people that the can't use my spam filtering
unless they turn SPF off.
What's wrong with that? They are explicitly contracting with you to
perform mail forwarding, if
Without diving too deep into this can of worms I'd like to point out
that rejecting mail due to SPF fails is a whole different ball-game-of-
wax than accepting mail due to an SPF pass -- the limitations related
to forwarding are well known, but orthogonal to whitelisting, which is
what this
Marc Perkel wrote:
Meng Weng Wong wrote:
On Jul 12, 2007, at 9:15 AM, Marc Perkel wrote:
Need a rule written to take advantage of this trick and this could be
a major breakthrough in white listing.
Here's what it needs to do:
1) Take the IP of the connecting host and do an RDNS lookup to
Marc Perkel wrote:
I appreciate you effort in this but lets come up with something useful.
If you give up SPF I will give you and PoBox some anti-spam technology
that will revolutionize your spam filtering. I'm just tired of having to
deal with the bad side effects of SPF and expainging to
Daryl C. W. O'Shea wrote:
Marc, I'm quite amazed that you still haven't picked up the term FCrDNS!
Thanks - never hard that before. Glad there's a word for it.
Meng Weng Wong wrote:
Without diving too deep into this can of worms I'd like to point out
that rejecting mail due to SPF fails is a whole different
ball-game-of-wax than accepting mail due to an SPF pass -- the
limitations related to forwarding are well known, but orthogonal to
Daryl C. W. O'Shea wrote:
Marc Perkel wrote:
I appreciate you effort in this but lets come up with something
useful. If you give up SPF I will give you and PoBox some anti-spam
technology that will revolutionize your spam filtering. I'm just
tired of having to deal with the bad side
Perkel [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 12, 2007 5:14 PM
To: users@spamassassin.apache.org
Subject: Re: Need a rule written - Can whitelisting be this easy?
Here's my list so far. These are host name - not from addresses. So it
matches *.hostname.com
I could use more to add
Daryl C. W. O'Shea wrote:
Guess what Marc, spammers can publish ANY DNS records! That includes
TXT records, type 99 (SPF) records, and your precious A and PTR records.
What spammers can't do is publish a forward confirmed RNDS that ends in
wellsfargo.com, which would be a listed
Marc Perkel wrote:
What I'm proposing here requires that the domain do nothing at all
except to not send spam. It's verified RDNS for lack of a better term.
It is intrinsic to the existing system. All you have to do is check
the RDNS, look up the name returned to see if it points back to the
Marc Perkel wrote:
Daryl C. W. O'Shea wrote:
Marc Perkel wrote:
SPF is rather useless. Spammers can publish SPF records.
Guess what Marc, spammers can publish ANY DNS records! That includes
TXT records, type 99 (SPF) records, and your precious A and PTR records.
What spammers can't do
Need a rule written to take advantage of this trick and this could be a
major breakthrough in white listing.
Here's what it needs to do:
1) Take the IP of the connecting host and do an RDNS lookup to get the name.
2) Verify that the name that was looked up resolves to the same IP address.
3)
Marc Perkel wrote:
1) Take the IP of the connecting host and do an RDNS lookup to get the
name.
2) Verify that the name that was looked up resolves to the same
IP address.
3) Look up the name in this dns list ===
example.com.hostdomain.junkemailfilter.com
4) if it returns 127.0.0.1 -
How about this one:
Client IP is 213.200.218.50 - reverse lookup returns mail.specogna.ch.
Lookup mail.specogna.ch returns 213.200.218.50. Looks good.
Lookup mail.specogna.ch.junkemailfilter.com - (what does this tell me,
regardless of what it returns?)
But let's assume
Per Jessen wrote:
Marc Perkel wrote:
1) Take the IP of the connecting host and do an RDNS lookup to get the
name.
2) Verify that the name that was looked up resolves to the same
IP address.
3) Look up the name in this dns list ===
example.com.hostdomain.junkemailfilter.com
4) if it
Loren Wilton wrote:
How about this one:
Client IP is 213.200.218.50 - reverse lookup returns mail.specogna.ch.
Lookup mail.specogna.ch returns 213.200.218.50. Looks good.
Lookup mail.specogna.ch.junkemailfilter.com - (what does this tell me,
regardless of what it returns?)
But let's assume
Marc Perkel wrote:
What I have is a database of a few thousand big domains who never send
spam. Banks, Credit Card compaines, airlines, and other big
bisunesses.
I think big domains who never send spam is an oxymoron. I don't think
that is a valuable criteria at all.
Once the host is
Loren Wilton wrote:
I think what Marc is saying is that he is creating a global whitelist.
Yeah, me too. I have a pretty decent list of whitelist_from_rcvd
statements that is exactly that. If Marc can provide such a list, we
might have something worth discussing.
Presumably that machine
Marc Perkel wrote:
If you do a lookup of the host name to verify it resolves back to the
same IP then spammers can't forge that.
And? It doesn't work for my example, does it?
Then I have a list of big companies that never send spam.
Oxymoron.
/Per Jessen, Zürich
On Jul 12, 2007, at 12:35 PM, Per Jessen wrote:
Yeah, me too. I have a pretty decent list of whitelist_from_rcvd
statements that is exactly that. If Marc can provide such a list, we
might have something worth discussing.
Would you be willing to share your whitelist with the public?
For
Per Jessen wrote:
Marc Perkel wrote:
What I have is a database of a few thousand big domains who never send
spam. Banks, Credit Card compaines, airlines, and other big
bisunesses.
I think big domains who never send spam is an oxymoron. I don't think
that is a valuable criteria at all.
Ken A wrote:
or maybe a bot, who knows.. unless you establish with some confidence
that the IP used sends ham only, you have nothing. According to arin,
wellsfargo.com has 151.151.0.0/16 at least.. probably more. You really
think you can trust 65534 hosts, so long as somebody setup the DNS
Ken A wrote:
Nope, that's not correct. It's being sent by a Wells Fargo mail
server, that is all.
or maybe a bot, who knows.. unless you establish with some confidence
that the IP used sends ham only, you have nothing.
My point exactly. And even if you do establish with some
Per Jessen wrote:
Ken A wrote:
Nope, that's not correct. It's being sent by a Wells Fargo mail
server, that is all.
or maybe a bot, who knows.. unless you establish with some confidence
that the IP used sends ham only, you have nothing.
My point exactly. And even if you do establish with
Here's my list so far. These are host name - not from addresses. So it
matches *.hostname.com
I could use more to add to the list.
123greetings.com
123greetings.info
20min.ch
2checkout.com
2co.com
2wheelsuperstore.com
34sp.com
360degreeslawn.com
3dsystems.com
3kloffice.info
4342thomas.com
On 7/12/2007 5:14 PM, Marc Perkel wrote:
atx.net
This is a shared domain hosted by an ISP's shared mail servers. Any
customer of the ISP can have an email address at this domain and each
has permission to send email from it. This clearly doesn't belong.
gov
[...]
grants.gov
does gov mean
At 14:14 12-07-2007, Marc Perkel wrote:
Here's my list so far. These are host name - not from addresses. So
it matches *.hostname.com
I have seen spam and viruses originating from some of the domains you listed.
Regards,
-sm
Dave Koontz wrote:
Marc, how do you arrive at your list, through user submission or your own
observation? I notice the list is mostly void of any .EDU organizations.
As you probably know, .EDU domain registration is restricted to only those
meeting certain criteria and must go through
Dave Koontz wrote:
Marc, please don't mis-read. Honestly, it was a simple question. Is
the list from your own observation, or from user submissions? It's that
simple. The rest is just why it may not work for us in it's present form!
It's a combination of a lot of sources. Some of
Marc, please don't mis-read. Honestly, it was a simple question. Is
the list from your own observation, or from user submissions? It's that
simple. The rest is just why it may not work for us in it's present form!
Marc Perkel wrote:
Dave Koontz wrote:
Marc, how do you arrive at your
On Jul 12, 2007, at 9:15 AM, Marc Perkel wrote:
Need a rule written to take advantage of this trick and this could
be a major breakthrough in white listing.
Here's what it needs to do:
1) Take the IP of the connecting host and do an RDNS lookup to get
the name.
2) Verify that the name
2007/7/12, Meng Weng Wong [EMAIL PROTECTED]:
On Jul 12, 2007, at 9:15 AM, Marc Perkel wrote:
Need a rule written to take advantage of this trick and this could
be a major breakthrough in white listing.
Here's what it needs to do:
1) Take the IP of the connecting host and do an RDNS lookup
Meng Weng Wong wrote:
On Jul 12, 2007, at 9:15 AM, Marc Perkel wrote:
Need a rule written to take advantage of this trick and this could be
a major breakthrough in white listing.
Here's what it needs to do:
1) Take the IP of the connecting host and do an RDNS lookup to get
the name.
2)
SPF is rather useless. Spammers can publish SPF records.
Which is why the OP specifically stated:
What does it mean? An SPF pass, on its own, means little; an RHSWL
match, on its own, means little; but together, they mean a lot.
Was it asking too much of you to READ the message posted
On Thu, Jul 12, 2007 at 07:19:06PM -0700, Marc Perkel wrote:
SPF is rather useless. Spammers can publish SPF records.
Right, they can publish SPF records, so what? You want to know if
example.com is coming from a place that mail from example.com is supposed
to come from, and SPF tells you that.
Marc Perkel wrote the following on 7/12/2007 7:19 PM -0800:
Meng Weng Wong wrote:
On Jul 12, 2007, at 9:15 AM, Marc Perkel wrote:
Need a rule written to take advantage of this trick and this could
be a major breakthrough in white listing.
Here's what it needs to do:
1) Take the IP of
Bill Landry wrote the following on 7/12/2007 9:58 PM -0800:
Marc Perkel wrote the following on 7/12/2007 7:19 PM -0800:
Meng Weng Wong wrote:
On Jul 12, 2007, at 9:15 AM, Marc Perkel wrote:
Need a rule written to take advantage of this trick and this could
be a major
39 matches
Mail list logo