LuKreme wrote:
> On 28-Jan-2010, at 09:23, Adam Katz wrote:
>> This rule is poorly written as it does not limit its examination
>> to the last external relay.
> 
> The rule quite specifically does not look at the top received
> header because all the spammers were using US based relays to avoid
> checks like the one you suggested.

Then that is unfair discrimination, blocking all of a major ISP's
customers' traffic.  I suspect the rule instead pre-dates either the
creation of the X-Spam-Relays-External pseudo-header or the author(s)'
familiarity with it.

See also http://en.wikipedia.org/wiki/HINET -- specifically footnote
four, which states they were at the top of SpamCop's reported sender
list in 2008.  Neither hinet nor chunghwa are currently on the list.

SpamCop sister-site SenderBase seems to indicate at
http://www.senderbase.org/senderbase_queries/detaildomain?search_string=hinet.net
that there isn't much traffic coming from IPs whose rDNS contain
'dynamic.hinet.net' anyway, so it appears they've cleaned up.

I side with the complainer on this one.  The rule is too broad, and,
like most SARE rules, it is probably stale.

This should act as another reminder that the SARE rules are old and no
longer maintained, and should not be deployed without careful
consideration.  This rule came from a *1.cf file.  I strongly
discourage using SARE's *[1-9].cf files as they are even documented as
being riskier even back when they were maintained.

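An added illustration, not part of the original message and not SARE's code: the difference between matching the rDNS string in any Received header and matching only the last external relay, run over constructed relay chains. The patterns, the rule name LOCAL_HINET_LAST_EXT, and all hosts and addresses are assumptions made for the example.

```python
import re

# Hypothetical stand-ins: the SARE rule's actual pattern is not quoted in the thread.
# Broad form: match the rDNS string in any Received header.
BROAD = re.compile(r"dynamic\.hinet\.net", re.I)
# Scoped form: only the first entry of X-Spam-Relays-External, i.e. the relay
# that handed the message to the trusted network. As a SpamAssassin rule
# (rule name is hypothetical):
#   header LOCAL_HINET_LAST_EXT X-Spam-Relays-External =~ /^[^\]]+ rdns=\S+\.dynamic\.hinet\.net\s/i
SCOPED = re.compile(r"^[^\]]+ rdns=\S+\.dynamic\.hinet\.net\s", re.I)

def relay(ip, rdns, by):
    """Build one X-Spam-Relays-External entry (constructed sample data)."""
    return (f"[ ip={ip} rdns={rdns} helo={rdns} by={by} "
            "ident= envfrom= intl=0 id=X auth= msa=0 ]")

DYN = ("198.51.100.4", "host-4.dynamic.hinet.net")  # constructed dynamic-pool client

# name -> relay chain, newest hop first; all hosts and addresses are constructed.
SAMPLES = {
    "customer_via_isp_smarthost": [("192.0.2.10", "smtp.isp.example", "mx.example.org"),
                                   (*DYN, "smtp.isp.example")],
    "direct_to_mx": [(*DYN, "mx.example.org")],
    "via_third_party_relay": [("203.0.113.7", "relay.example.net", "mx.example.org"),
                              (*DYN, "relay.example.net")],
}

def evaluate(chain):
    """Return (broad_hit, scoped_hit) for one relay chain."""
    received = [f"from {rdns} ([{ip}]) by {by}" for ip, rdns, by in chain]
    external = " ".join(relay(*hop) for hop in chain)
    return (any(BROAD.search(h) for h in received), bool(SCOPED.search(external)))

if __name__ == "__main__":
    for name, chain in SAMPLES.items():
        broad, scoped = evaluate(chain)
        print(f"{name:28} broad={broad} scoped={scoped}")
```

The smarthost and third-party-relay chains produce the same result under both patterns, so neither form can tell those two cases apart from the relay chain alone.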