Michael Clark writes: > Would a rule that adds points for no pingable web site for a domain > be useful? If spam comes in from [EMAIL PROTECTED], could > http://www.example.com be tested? If you get a 404 or no response, > give the message a couple points. Just an idea, Mike
Probably not terribly. The risks of folks including legit web sites that may have temporary connectivity problems might cause false-positives, and by the time SA gets its logic on the problem "spamvertised" sites are likely to still be live. How about a message sent from one pal to another that points to a site that got "slash-dotted" and is so over-quota that the controlling ISP pulled it temporarily? The strongest method of testing might be an attempt to send mail back to the (alleged) originator of the message (and aborting before sending data) to verify that the (alleged) sending address is valid. This, however, is very expensive both in cycles and networking traffic, and not 100% effective if the (alleged) originator address is accurately forged. Note that I say "alleged" in all of these because the "From " field cannot truly be trusted. Cheers. +------------------------------------------------+---------------------+ | Carl Richard Friend (UNIX Sysadmin) | West Boylston | | Minicomputer Collector / Enthusiast | Massachusetts, USA | | mailto:[EMAIL PROTECTED] +---------------------+ | http://users.rcn.com/crfriend/museum | ICBM: 42:22N 71:47W | +------------------------------------------------+---------------------+ ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01 _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk