..that seems new. I see it's an RBL that "contains domains registered
within the last five days".

Can someone explain what that means? I guess it means "seen by DOB
within the last five days" more than a domain that was registered within
the last five days?

I say that because email from my home domain (registered 4 years ago) is
currently on the list...

Anyway, emails that are on the list seem to trigger 3 different rules -
which adds up to +2 points - is that expected behaviour?

Thanks

Jason


e.g. (actual spam to the Samba mailing-list)

 0.0 STOX_REPLY_TYPE        STOX_REPLY_TYPE
-4.0 RCVD_IN_DNSWL_MED      RBL: Sender listed at http://www.dnswl.org/, medium
                            trust
                            [66.70.73.150 listed in list.dnswl.org]
 0.3 DNS_FROM_DOB           RBL: Sender from new domain (Day Old Bread)
 0.8 RCVD_IN_DOB            RBL: Received via relay in new domain (Day Old Bread)
 2.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
                            [Blocked - see <http://www.spamcop.net/bl.shtml?88.232.135.123>]
 1.1 RCVD_IN_SORBS_WEB      RBL: SORBS: sender is a abuseable web server
                            [88.232.135.123 listed in dnsbl.sorbs.net]
-0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
-0.0 SPF_PASS               SPF: sender matches SPF record
 0.0 NORMAL_HTTP_TO_IP      URI: Uses a dotted-decimal IP address in URL
 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
                            above 50%
                            [cf: 100]
 0.5 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
                            [cf: 100]
 0.9 URIBL_RHS_DOB          Contains an URI of a new domain (Day Old Bread)
                            [URIs: samba.org]


-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
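
Added example, not part of the original post: a small Python parser for a SpamAssassin report like the one above that rejoins wrapped description lines and totals the score contributed by every rule that names one list. The sample text is constructed from rule lines in the report, and the function names are hypothetical.

```python
import re

# Constructed sample: rule lines taken from the report in the post, wrapped
# the way a mail client wraps them, to exercise continuation handling.
SAMPLE_REPORT = """\
 0.0 STOX_REPLY_TYPE        STOX_REPLY_TYPE
-4.0 RCVD_IN_DNSWL_MED      RBL: Sender listed at http://www.dnswl.org/,
medium
                             trust
 0.3 DNS_FROM_DOB           RBL: Sender from new domain (Day Old Bread)
 0.8 RCVD_IN_DOB            RBL: Received via relay in new domain (Day
Old Bread)
 2.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
 0.9 URIBL_RHS_DOB          Contains an URI of a new domain (Day Old Bread)
                            [URIs: samba.org]
"""

# A rule hit starts with a signed score followed by an upper-case rule name.
RULE_LINE = re.compile(r"^\s*(-?\d+\.\d+)\s+([A-Z][A-Z0-9_]+)\s+(.*)$")


def parse_report(text):
    """Return (score, rule, description) tuples, rejoining wrapped lines."""
    hits = []
    for line in text.splitlines():
        m = RULE_LINE.match(line)
        if m:
            hits.append([float(m.group(1)), m.group(2), m.group(3).strip()])
        elif line.strip() and hits:
            # Anything else is a continuation of the previous description.
            hits[-1][2] += " " + line.strip()
    return [tuple(h) for h in hits]


def score_for_list(hits, marker):
    """Rules whose description mentions `marker`, and their combined score."""
    matched = [(s, name) for s, name, desc in hits if marker in desc]
    return [name for _, name in matched], round(sum(s for s, _ in matched), 1)


if __name__ == "__main__":
    rules, total = score_for_list(parse_report(SAMPLE_REPORT), "Day Old Bread")
    print(f"{len(rules)} rules from one list add {total:+.1f}: {', '.join(rules)}")
```

Matching on the description rather than the rule name only works once wrapped lines are rejoined, which is why `RCVD_IN_DOB` is counted here.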
