Hey fellow listers,
I received an email the other day with the following header:
Return-Path: [EMAIL PROTECTED]
Received: from p04.groups.msn.com ([65.54.195.216] verified)
    by DakotaRainbow.com (Stalker SMTP Server 1.8b9d14)
    with ESMTP id S.0000203918 for <[EMAIL PROTECTED]>; Fri, 25 Jun 2004 21:38:09 -0500
Received: from mail pickup service by p04.groups.msn.com with Microsoft SMTPSVC;
    Fri, 25 Jun 2004 19:33:25 -0700
X-Originating-Ip: 207.68.170.30
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Your e-mail to [EMAIL PROTECTED] cannot be delivered
Date: Fri, 25 Jun 2004 19:33:24 -0700
Now, my question. I'm guessing this message is spam, therefore, I need to add an IP to my internal blacklist.
As others have noted, it looks more like a bounce of a message sent into the MSN 'groups' system with a (presumably forged) sender address of [EMAIL PROTECTED]. A lot of those sorts of bogus bounces are happening these days, largely because of the myriad of MS worms out there using random addresses found on infected machines as senders.
You may want to think carefully about blacklisting senders of such bounces.
Which one do I use? I have two choices: 65.54.195.216 (the first IP listed in the header) or 207.68.170.30 (the second IP listed). If I'm not mistaken, you guys always say that the first IP is the only one you can trust, and that's the one I've been adding to my blacklist, which now contains around 100 IPs. I know I've asked this question before, but I'm just making sure. TIA!
Beyond being the only one you can trust, it is the one which is relevant. SIMS does not look at Received headers for blacklisting, it only uses the IP blacklist in relation to what machine is actually connecting to it.
P.S.
Bill Cole, was it you that has a web page of all the IPs & IP ranges in your blacklist? I'd like that link again, please? I'm too lazy to go searching back through all my SIMS mail to find it again! LOL Also, what was the name of that DNSRBL that lists dial-up addresses? I'd like to add it to my list of servers. Thanks!
I no longer actually use the SIMS internal blacklist because my local blacklist outgrew the capacity of SIMS. I do keep my local blacklist publicly available but it would be a very bad idea for anyone else to use it. You are free to look at it at http://www.scconsult.com/blacklist.shtml but heed the warnings: it's unsuited for general use.
(I made the list public so that people can see for sure why they've had mail rejected here and because I had a slightly annoying trickle of requests for my blacklist over the space of some years before I had it on the website, and I got tired of explaining to people why it was really not useful to them.)
--
Bill Cole [EMAIL PROTECTED]
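
Added example, not part of the original thread: a short Python sketch of the distinction discussed above, separating the one IP your own server recorded for the connecting machine from the IPs that only appear in sender-supplied headers. The function name classify_ips, the example.invalid addresses and the "by <hostname>" match used to recognise your own server's stamp are assumptions made for illustration.

```python
import re
from email import message_from_string

# Constructed sample modelled on the header quoted in the thread.
# The example.invalid addresses are placeholders for the redacted ones.
SAMPLE = """\
Received: from p04.groups.msn.com ([65.54.195.216] verified)
\tby DakotaRainbow.com (Stalker SMTP Server 1.8b9d14)
\twith ESMTP id S.0000203918 for <user@example.invalid>; Fri, 25 Jun 2004 21:38:09 -0500
Received: from mail pickup service by p04.groups.msn.com with Microsoft SMTPSVC;
\tFri, 25 Jun 2004 19:33:25 -0700
X-Originating-Ip: 207.68.170.30
From: <postmaster@example.invalid>
To: <user@example.invalid>
Subject: Your e-mail to someone@example.invalid cannot be delivered
Date: Fri, 25 Jun 2004 19:33:24 -0700

(body omitted)
"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
STAMPED_BY = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.I)

def classify_ips(raw_message, my_hostname):
    """Return (trusted_ip, claimed_ips).

    trusted_ip is the peer address in the topmost Received header, and only
    if that header was stamped by my_hostname. Every other address found in
    the headers was written by some other system and is merely claimed.
    """
    msg = message_from_string(raw_message)
    # Unfold continuation lines so each Received header is a single string.
    received = [" ".join(h.split()) for h in msg.get_all("Received") or []]
    trusted = None
    if received:
        by = STAMPED_BY.search(received[0])
        ip = BRACKETED_IP.search(received[0])
        if by and ip and by.group(1).lower() == my_hostname.lower():
            trusted = ip.group(1)
    seen = {ip for h in received for ip in BRACKETED_IP.findall(h)}
    xoip = msg.get("X-Originating-Ip")
    if xoip:
        seen.add(xoip.strip().strip("[]"))
    seen.discard(trusted)
    return trusted, sorted(seen)

if __name__ == "__main__":
    trusted, claimed = classify_ips(SAMPLE, "DakotaRainbow.com")
    print("connecting peer (what an IP blacklist matches on):", trusted)
    print("sender-supplied, not evidence of who connected:", claimed)
```

If the topmost Received header was not written by the named host, the function returns None for the trusted address and reports every IP as claimed.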
