On Wed, Jul 02, 2008 at 09:18:41PM -0700, John Hardin wrote: > > On Thu, 2008-07-03 at 05:59 +0300, Henrik K wrote: > > On Wed, Jul 02, 2008 at 12:08:43PM -0700, John Hardin wrote: > > > On Wed, 2 Jul 2008, Marc Perkel wrote: > > > > > >> Again - it's not to figure out where spam comes from. It's figuring out > > >> where non-spam comes from. I think there are registrars out there that > > >> don't have any spam domains registered. > > > > > > Right, but how do you guarantee a host with a whitelisted RDNS domain > > > name doesn't get infected with a smapbot? > > > > What's that got to do with anything? If there's a 0.5% chance, who cares. > > You should always scan for viruses, but it's trivial to skip SA for such > > cases. Are you saying that we shouldn't take advantage of DNSWL data either, > > since it's possible that some spam may come? > > No, I was simply responding to Marc's apparent contention that a host > with an RDNS domain name from a trustworthy registrar won't be a source > of spam.
I doubt you have any statistics about this, so why speculate? No one has to _guarantee_ anything. If Marc is able to find some good correlation for (almost) spamless sources, it will help everyone.